\AS 
PT-T ^0 



MAT 



_ JAL PROPERTY ORGANIZATION 
laifernational Bureau 




INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT) 



(51) International Patent Classification 7 
H04L 9/00 ^ , "W 



A2 



(11) International Publication Number: 



WO 00/69111 



(43) International Publication Date: 16 November 2000 (16.1 1.00) 



(21) International Application Wim^ 

(22) International Filing Date r / 1 " ' ' 



9 May 1 2Q00 (09.05.00) : 



(30) Priority Data: 

60/133,492 
' 09/560,784 iJ 



10 May 1999 ( IftiOXSW US 
28 April 2if)00 t (?8:04.00>- '• US 



(63) Related By Continuation (CON) or Continuation-in-Part 
(CIP) to Earlier Applications 

* ''us ,:l \ ;' :. ; /\/'J : ' 

Filed on \ 5 ~ ' " 
Filed on " f 



60/133,492 (CON) 
10 May 1999 (10.05.99) 
/ 09/560,784 (CON) 
28 April 2000 (28.0400) 



(71)(72) Applicant and Inventor: ■ DI RIENZO, Andrew, L. 
[US/US J; 1 18 Weaver Road, EHzaviile, NY 12523 (US). 

(74) A^erit: FEIGENBAUM" ' David, L.; Flsri & Richardson P.C.,\ 
? . _225,Franklin Street, Boston, MA ,02110^2804 (US)/ 



(81) Designated States: AE, AG, AL ; AM, AT, AU, AZ, BA, BB, 
BG, BR, BY, CA, CH, CN, CR,; CU, CZ, DE, DK, DM, 
, w DZ, EE, ES, FI, G£, GD, GE, GH, GM, HR, HU, ID, IL, 
1 ' 1V * IN, IS, JP, KE, KG, KP,;KR, KZ,.LC. Lk, LR, LS, LT, LU, 

K \ ■ lv, ma, md; mg, mkV mn, kw;'mx, no, nz, pl, pt, 

" ' " RO, RU, SD, SE, SG, Si; SK, SL, TJ, TM, TR, TT, TZ, 
" l)A, UG, US, UZ, vSl| YU,'ZA, ZW; ARIPO patent (GH, 
GM, KE, LS, MW, SD, SL, SZ, TZ, UG, ZW), Eurasian 
" 1 ' patent (AM,"A2, BY, KG, KZ; MD, RU, TJ, TM), European 
patent (AT, BE, CH, . CY; DE,. DK, ES, FI; FR, GB, GR, 
IE, IT, LU, MO, NL; PT/ SE), O API. patent (BF, BJ, CF, 
CG, CI, CM, GA, GN, GW, ML, MR,,NE, SN, TD, TG). 



Published" .... , — ~ . . f 

i , v- Without international search report and to be republished 
upon receipt of that report^ ..... , ...^ , . ;; . 



(54) Title: AUTHENTICATION f { ; ,. r ? > 

(57) Abstract . - . ~ . , _■ ! -- 1'^ 

In connection witfi authenticating a client of , a network, information is acquired Inarch that enables 

a determination .about authenticating" the client of the n^Work, ; tte inforinati^ man^in.theifpiro, of; a digital message 

that is passed on behalf of the client to trie network; an ^authentication decision is made basedf.on\the infonTjation.^ is encrypted 

in a manner that is based on. a physical property, of an intended recipient pt the. infc^apon; ; and e-eliyering 7 the .encrypted information to 
the recipient. A source of a beacon, is -physicaHy t asscK:iated with a person, times of receipt of me:.beacon,at rnultiple u stations are measured, 
and the location of mevfjeispn^s^d^term.ined based on thje times of .receipt. ^ : sei $>f - stations, js estab^ to acquire 

information that characterizes each- of multiple, clients in, a ^manner that enables a de^rminatioa ^ of the clients with 

respect to a corresponding network, the infqrmation being acquired other, toan jn me. form, of digital ^messages^that^are passed on behalf of 
the clients to the corresponding networks. The information is provided to operators of the networks to enable tfiern to make authentication 
decisions based on the information. 



... " ; ; : - ^ : r FOR THE, PURPOSES OF INFORMATION ONLY 

Codes used to identify States party to the PCT ort the front pages of pamphlets publishing international applications under the PCT. 



AL 


Albania 


ES 


Spain 


LS 


Lesotho 


SI 


Slovenia 


AM 


Armenia 


FI 


Finland 


LT 


Lithuania 


SK 


Slovakia 


AT 


Austria - ' , a t - 


• -FR - 


France \; **:.;' 


LU 


Luxembourg 


SN 


Senegal 


AU 


Australia 


GA 


Gabon 


LV 


Latvia 


SZ 


Swaziland 


AZ 


Azerbaijan 


GB , 


United Kingdom. 


MC 


Monaco 


TD 


..Chad . 


BA 


Bosnia and Herzegovina 


GE 


Georgia 


MD 


Republic of Moldova 


TG 


Togo 


BB 


Barbados 


GH 


Ghana 


MG 


Madagascar 


TJ 


Tajikistan . 


BE 


Belgium - - 


GN 


Guinea ■- ' 


MK 


The former Yugoslav 


TM * 


Turkmenistan 


BF 


Burkina Faso 


GR 


Greece 




Republic of Macedonia 


TR 


Turkey 


BG 


Bulgaria 


HU 


Hungary 


* ML 


Mali 


TT 


.Trinidad and Tobago 


BJ 


Benin 


IE 


Ireland 


MN 


Mongolia 


UA 


Ukraine 


BR 


Brazil 


IL 


Israel 


MR 


Mauritania 


UG 


Uganda 


BY 


Belarus 


IS 


Iceland 


MW 


Malawi 


US 


United States of America 


CA 


Canada 


IT 


Italy .... 


MX 


Mexico t 


uz 


Uzbekistan 


CF 


Central African Republic 


JP 


Japan 


' NE • 


Niger 


VN 


Viet Nam 


CG 


Congo 


KE 


Kenya 


NL 


Netherlands 


YU 


Yugoslavia 


CH 


Switzerland - 


KG 


Kyrgyzsian 


NO 


Norway 


ZW 


Zimbabwe 


CI 


Cdte d'lvoire 


KP 


Democratic People's 


NZ 


New Zealand 






CM 


Cameroon „. 




Republic of Korea 


PL 


Poland 






CN 


China 


KJR 


Republic of Korea 


FT 


Portugal 






CU 


Cuba 


KZ 


Kazakstan 


RO 


Romania 






CZ 


Czech Republic 


LC 


Saint Lucia 


RU 


Russian Federation 






DE 


Germany 


LI 


Liechtenstein 


SD 


Sudan 






DK 


Denmark 


LK 


Sri Lanka 


SE 


Sweden 






EE 


Estonia 


LR 


Liberia 


SG 


Singapore 







WO 00/691 1 1 PCT/US00/12642 



AUTHENTICATION 

This application claims priority from Provisional United States Patent Application Serial Number 
60/133,492/filed May 10, 1999. 

5 

TECHNICAL FIELD 

This invention relates to authentication. 

10 BACKGROUND OF THE INVENTION 

Consider a situation, such as described in Figure I. where a computer network (100) is formed 
from one or more remote clients [e.g., computers (101 - 103)] interacting over communication 
links (500 - 506) [e.g., telephone lines, hard wire, satellite links, IR, etc.] The Network wants 

15 authorized clients (e.g., 104) to gain access easily and unauthorized clients (e.g., 400) to be totally 
prevented from gaining access. [Note that this diagram is intended only to represent known 
elements of a computer network and its security system. In particular, it is intended to show the 

- basic topology of these parts.-Also. it-is not intended ^o bean exhaustive example^of current- J : 

computer networks or their security systems^ ^Gd^sequeritly litems such as routers, firewalls, 

20 -- gateways and the like have:not;been; explicitly displayed:]" n t n ^ ^si-'i -S:it^\A o« >->« 

The Authentication Process is the means bv which the system stops unauthorized access to the 
Network. The Authentication Process constitutes the securitv'measures protecting the Network.-; 
Typically, in the Prior Art, .the Authentication Process is a multistep sequence based on jLFser * . 
25 Credentials and the Network Authentication Server (200). . 1 ^ *; \ 

"User Credentials" are information, such as access codes and user Bp's, that are. assigned by the 
Network to all authorized users (i.e., people who have authorized access to the Network.) The 
Authentication Server is the part of the Network that reviews the credentials of a user when 



SUBSTITUTE SHEET (RULE 26) 



"* PCT/USOO/12642 

WO 00/69111 



access is requested/ Here the term "Authent:cation Server" is meant to represent whatever 
network hardware and software is used for this purpose? 

>The following 1S a typ.cal Authenucauon Process, sequence executed when a user wishes to gain 
access to the network:" (See'Figure 2): '* •'' 

1) The user uses his client computer, andits specialized network software, to request 

access to the network. 

2) The software prompts the user to enter his credentials into a certain location on a 
' "Network LogOn" screen. This could include/for example, his 'user ED and 

access code: ( 123. XYZ1 

.,, 3 ) The client Network software translates the credentials into di^ i.e., a 

digital version of the user's credentials. 

- • 4) Wclieni then creates an electronic 'message that includes the digitized credentials and 

. transtaitsittdth^ 

message.] .*•.-■.■..:•-: : - - 

Diagram 1. f 'T T | V | X | Y | Z f ' j' i I 

$)The Authenticauon Server converts the electronic message imp digital information, i.e., 
a digital version of the user's credentials. - - .■• 

' 6) The Authentication Server has in its database a list of digitized credentials for all 
authorized users. When the electronic message from the client arrives, the Authentication 
Server takes the us : eVs digitized credentials 'and compares these to the" credentials it has 
" ' stored in its database for this particular user. If they match, access to the network is 
granted to the user. If they don't match [e.g., (123, XZZ)] then access is denied. 



SUBSTITUTE SHEET (RULE 26) 



WO^00/iS91 If P€t/U§b0/12'642 



' Unauthorized users^can-gain access to x he .Network by tdefeating'the security measur.es, i.e., the 
Authentication Process. The source of this problem, is; that,. cun^ent Authentication Processes are 
based on analyzing digital information sent from the client to the Authentication Server. It is only 
the electronic signal itself that isianalyzedr/Security is based.on^rjalysi^of tWs^ignai,; Neither the 
5 physical client, nor its human operator, is analyzed directly, .^his same problem exists for ail 
~ :<&-. ( ; credentials data as long as the- Authentication Process remains the same. >, f / . 

Computer hackers break through this type of security just by mimicking valid digital credentials in 
the electronic message (See Diagrarn i).sent to the Authentication Server by the client . This only 

10 requires a computer (client ), a communication link, and a valid set of credentials. The first two are 
readily available and the last can be obtained by a variety of means such as: guess work, simple 

* theft? etci. That is, ''Uwftirdle^ etc. j r f 6 uri&tH6Hzed entry are fairly low. 

j - ;Th«. electronic-message cbntainm^^ indicators of 

15 the actual person or client who/has sent it b^eauseyt is just^a series pf corpputer generated 
electronic impulses and is therefore susceptible to hackers. * _ ; 

To illustrate this point, consider the following analogy: 

20 Imagine a situation where physical access to a building is protected by an "Authentication 

Process" bisfed ori analysis df'k person's ; rian^^^ process only requires 

that a person wishing to access the ? building givV the gjuard : a piebe of paper with 
handwriting on it. The handwriting is compared to that on file for the name that was given. 
If they match, the person is emitted. 



25 



, But a sample of the handwriting could be stolen or forged, thus allowing an unauthorized 
person admission, to the building. Here, as in the computer network case, it was 
information supposedly about the person that was analyzed. It was not the person 
themselves, or even information known to have come from the person, that is analyzed. 



30 



.SUBSTITUTE' SHEET (RULE 26) 



V/O 00/691M 



PCT/US00/12642 



15 



• v, .ion Process is based on traditional User Credentials. It could be 
The above network Authenucauon Process 

argued that moremode^^^ 

as-Pentiummw^ 

prm ts. facial scans. etc Wta* are used, for exarnp ^ ^ ta tne ^ 

viAnna VA USA) But these modern creaentials. although usetui. a 

Vienna. V A, USA) o lhenetw0 rk is susceptible to the same type of 

type of authentication process. And theretore. tne 

unauthorized user. i!e.. the hacker, 

use, in .to case. the user, ci.en, -as a spectal scanner — d to The 

- • " 1 ' •'• ' : ifAr nnd its Network software, to request access to the 

1) The user uses his client computer, and its Networ 

r> . Network., , ••• *•' . . ' " " ' ■ 

L Ju , _ uiQ credentials into a certain location 

. 2a) The client software prompts .he user to enter his ^ 

on a -Networ, LogOn" screen. This could include, for exarnp*. h,s user ID and 

access code: (123. XYZ) 
2b) Thumb Print Scan ■*« v "- 

me client, software aiso prompts the user to place his thumb on the scanner.^The 
client then scans the thumh. Seating W an tmage of the thumbprint T* 

, ' - , .. ' that characterize the thumbprint. . 

5 :; 3) the client's software translates. he credentials into digita! informauon. 

Server. [Diagram 2 is mean, to represent this electron message. ] 
Diagram!. I I I -M ^ i a I i 



4 



SUBSTITUTE SHEET (RULE 26) 



WO;00/6911!M PCT/US00/12642 



J 5) Th6'Auifhenu6aiion vSe^efrr-ecfeivesi the* electronic message and translates it back to 
' ' (digital information. f j ?1: ^ •* • •* u - — - * r '-'U;, .' -r : /, i\~ :\ 

:i 1 ' 6) the Authentication Server has in- its database, a list, .of digitized , pudendals and 
'5" * - r digitized thumbprints forall authorized usersv When. the ;e^earonicme^^e^f^om the 
i r ■ . i :■ client 1 amves^the Authentication Server takes the user's digitized credentials and 

thumb print and compares these to the credentials and thumb .prints; it ,has t stpred in its 
database for this particular user. If they match, access to the network is granted to 
" - ' r " : ^the user: If they don't match then accesses denied- V:l i f v f ■ : . t > :: \ - 

Note that not only , is the actual thumb' not being- anaiyzed. Jbut neither is a physical thumbprint 
(such as on a law enforcement finger print card) being analyzed. Rather it is only the digitized 
version of the thumbprint created by the'clien^ a hacker a way of 

breaking into the system. For example, if he were to obtain a copy of a user's thumbprint; he could 
15 digitize it and then use that digital Version: to rsend jtorthe Authentication, Server when the request 
camerforthe thumbprint. - - <*' -V "aO*?. ; .:^^x" .>■ 

Therefore, the three types of authentication data: tv&? y?hl crr-i^rr AC 

* :? - J - User Credentials 1 ^ ' r/ *? ■ "* T ::^^cv! oA.t- b~&,?r,ci zifisih 'A 
20 ■ ■ " • User Biariietrics~ ' ~- ■ ":' ».-^-'- ; '- ;v rsnrri -/*;.;..; ;raih 
- i • " - Client Branding * v -> r * ^rvjA* ik:.2"aa\ ■>•-,. >/ ^ 

all suffer from the same problem. They are ail turned: intoi digital: messages by the client. This 
"client formed .digital message" is then analyzed in the Authentication Process, And it is the 
nature of a "client formed digital message" that it can be hacked with readily available, and 
25 inexpensive, technology. In addition, the skills heeded to overcome this type bf security system 
are within the expertise of trie traditional hacker. * 

Finally, it should be pointed out that one .of the additipnal weaknesses of this type of 
authentication profcess is that when a Network decides to make its authentication process more 



5 



. SUBSTITUTE SHEET (RULE 26) 



WO 00/69111 



PO17US00/12642 



10 



15 



difficult for the hacker to break through, it also becomes more of an irritant for the legitimate user 
to access the Network. The Process is non-transparent to the legitimate user. . 

In summarion. current authentication processes are based on having the user's client take user 
credentials, form them into a digital message and then transmit, this message to the Network 
Authentication Server where it is this digital message that is analyzed. This approach has several 
weaknesses and deficiencies that include the following: 

' 1 ! it relies on data digitized and transmitted by the user's client. • 
^ 2.,it analyzes digital representations of information about the client/user and not the 
' clienvuser\hemse^ 
and not a thumb print itself, let alone a thumb.] 

„ . ... 3 . i t presents alow hurdle, both. in. expense. and technical skills necessary. tp, an 

■ • 1 unauthorized user.: v . 
*~"^^ 

_5. it can be : overcome by traditional hacking, i.e.. software and readily available 
. ^ , ,.cpmpu.^ 

Finailv, the enorrruty of the computer network security problem cannot be over esumated. 
Computers are-pervasive in our society. The national defense itself is tied inseparably to them, 
iun^orized access to critical mission computers (e.g. those controlling the Ballistic Missile 
System) could jeopardize our national existence. 

' There is a need for an authentication process which will uniquely identify the originator of a 
network access request and which includes the following: 

1 . it doesn't just rely on messages created by the requesting client 

2. it analyzes information empirically obtained about the client, not just information 

sent from the client. 

3 . it raises the hurdles, in both expense and technical skills needed, to gain unauthorized 



20 



25 



SUBSTITUTE SHEET (RULE 26) 



' ' * access td "the system • r.^y - : 

4. it is 'transparent to tfie fegitimate user - - ;: '■><• ''■ ■ <y-'~-< : ■ v, 

5. it cannot be overcome by hacking 

5 ; "' " SUMMARY OFTHE INVENTION * • • 5 >■ : - • • - ; - ■ 

In general, in one aspect, the invention-features. 4n^toecaomwithf.authenticatiiig- a client of a 
network, acquiring, information that . characterizes the cliem in i a fanner that enables a 
determination about authenticating the client of the network, the information being acquired other 
10 than in the 'form* of a digital message that is passed on behalf ofthe client to the network, and 
making an authentication decision based on the information. 

In general: in anbther aspect, the invention features encrypting: information in a manner that is 
based on a physical property of an intended recipient of the information^ and,delivering the 
15 encrypted information to thcrecipient. ., :B:r ,, ...... v , ; r : 



20 



In general, in another aspect, the invention feattires ^physically associating* a source of a beacon 
with a person, measuring times"of recwpt of th^e^n af miilSpTe ^dftSn^and determining the 
location ofthe person based on the times of receipt. 



In general, in another aspect, the invention features establisMhg a set'df statioris fhat are 
configured to acquire information that characterizes each of niiiltipie clients in'a manner that 
enables a determination about authenticating eachVf me clients witn^ fespert 
network, the information being acquired other than in the form of digital messages that are passed 
25 on behalf of the clients to 'the corresponding networks; and prbviding' theinformation to operators 
ofthe networks to enable them to make authentication decisions based on the information. 

In general, in another aspect, the invention features encrypting and decrypting a message by 
expressing the message as a message signal comprised of a sum based on eigenfunctions. The 
3o" message is decomposed into partial sums such that each of the partial sums conveys no meaning 



SUBSTITUTE SHEET (RULE 26) 



WO 00/69111 



. relative to the message. Electromagnetic signals are formed based, on the respective partial sums. 
The electromagnetic signals aresentfrom respective sources at times selected to assure the 
simultaneous arrival of the signals at* an intended location, such that the electromagnetic signals 
superpose themselves to form the message signal. ~ ;t 

The invention relates to a system and method that uses: 

1. data empirically gathered about the user/client, by the network itsel£ as the basis for the 
authentication process instead of the traditional client generated digital message, and 

2. message encryption with decryption based on an inherent physical property of the 
user/client as one aspect of the security system. 

; In another aspect; the invention relates to a system and method that changes ho w. a computer 
. system .interacts with a client from one >yhere the client sends certain data to the systenvto one 
where the! system obtains certain data empirically. This second invention is independent of: 

- computer network security systems 

- the quantity that is being empirically measured 
, - the technique used to measure it 

,v - the *lmeissage encryption abased; on an inherent physical property" technique. 

; v- : ? >r'-i>-y \„ ' / * ■ . ... ■ 

In general, in another aspect, the invention features a system, and method for sending coded 
information from one entity to another such that the method of encoding the information is 
specifically chosen so that it isrdecoded -by an inherent physical property of the recipient; This 
third invention is independent of all of the following: computer network security systems, the 
particular inherent physical property of the recipient that is being used, the particular method of 
encoding the information, and of the empirically gathered data concept. f . \ 

The last .two aspects of the invention are independent of computer security systems and can be 
applied in .a large variety of.areas, 1 * \ 

8 



SUBSTITUTE SHEET (RULE 26) 



WOtiO/69ffi^ 



PCT/USO0/12642 



In implementatidhs of the^nvemibrtr^ telecommunications hardware 

and sofiwar'6; 'empirical data : gathenng v devicel 'ariif'a^ethdd of operating*hese /create ? a 
computbr network kutHentication process ii:e./'a'Gomputer network:security>system),which is 
based on analysis of empirical data obtairied-difectiy by the network itself about:the:user/client 
5 requesting access and which is not based solely on analysis of digital messages created by the 
requesting client. u " li ' r - ' * - 7 c '^^' i: * - 2 * — - r -^' r vr/T 

* ? - Implementsitiohs of the mveritioh empirically obtain ^user/client informations 'and then include this 
' information as part of "a computer r hetwork 'autfteMicatidit process, ^.-.^ z.*n x 

It is important to note that it isn't just different "credentials data" that the invention's 
' ^Aiithenticatiori^Prodess "is based dn^ RitHer: the ihveritibn's-Authentication process, itself is 
' lC} - J:: dS9Krent? ^ Ih particular^fincliides atiiffere^ that 

' useB in thb- Prior ^s-authentibatidri j3rocess. ; Ah-example of this- method?-would be to employ 
15 Remote Sensing techniques to gather the required data;->^ - - " - ^ * r : 

Implementations of the invention also empirically obtain' titfdWnation abour a subordinate. This 
inventive concept is indbFiehdent oFc network^ siedu^^ in a wide 

variety of areas (e.g., the location of a particular individual or object by some authority not related 
20 ' ' ; to access to a computer system, f v ^nr^m orf.f ,r:?rv;; -a^rs r-j jx'io'a'jx \..\ 

In ekimpies of the invention; precise^ clifentsds used as aJmeans of 

identifying authorized users of a dlbsed cbmpiiter network ' [There are many other physical 
■ '""'observable* that could be used:] The location r is determined by'mean^ that 'are not j '*hackable." 
25 Specifically, the client doesn't Veil the Authentication Server^where iteis (i-fe:, ir does^noutransmit a 

digital message saying "I am at location X Longitude Y Latitude.") Rather, the invention acts to 
' make direct measurements of the client's positibnr-Many methods of Remote Sensing, can be 

employed for this purpose. One particular method of doing this is by measuring- time of reception 

of a radio beacon signal from the client. 

30 

9 



SUBSTITUTE SHEET (RULE 26) 



WO 00/69111 



PCT/US00/12642 



Other aspects of the invention provide:- 1 z \. ... 

: i) a novel System and method for encrypting and decrypting messages , 

ii) use: of this encryption/decryption method as part of the authentication- 
■ " • ''pk&ess for'a'computer'hetwork security system. 

i ) In this approach to encryption/decryption there are basically three levels. 

. a. The concept of encoding a message based on some inherent physical property of the 

_.. _ . recipient: -.. , ., • : ;■ v- . . ". >■• 

b. The particular physical quantity used 

c. The particular method used with the chosen property to encode the information. 

Information can be encrvpted in a special way. such that.a "specific" and unique, physical property 
of $ he : recipient .autpmat,callv decrypts the information. There are many physical propert.es th,s 
could be based on, for example: : : 4 . ; / , : v * ■_./. 

a. physical location 

b. unique sensitivity to light prvspund } 

c. DNA (unique to each individual) 

For each .unique , physical property, there vviU be .many ways to encrypt the information such that 
when it arrives it is automatically decoded by the physical property itself of the authentic recipient. 

ii) Messaees to the user/client are encrypted in such a way that certain inherent physical properties 
of the userJcHent Uself (in pirticula^ those mentioned above that are empirically measured as part 
of the authentication process) are used^as "keys" mat automatically decrypt the messages. In other 
words. If the user/client is who he says' he is. then the message will arrive in-the-clear. 

For example, the client's stated physical location is used as a means to decrypt messages from the 
Authentication Server. This message is then used as part of the Authentication Process. 

This works in the following way: An encryption method is created whereby a message, in the 
form of an electromagnetic signal, is decomposed into several parts. These parts are individually 

10 



SUBSTITUTE SHEET (RULE 26) 



:wo20o/69;ihd^ 



PCTAJSOO/12642 



unintelligible. Then the different pans are transmitted at different retard time? ami from, 
different locations^ e.g^satellitesu microwave towers, u etc,X such.th^t tjiey ^combine (superpose) 
at some specified' time and are intelligible, in-the-clear. at only, one physical, locauon. : That is, they 
are understandable without analysis only v at *he authorizedxAient's ppsitip^Fjpally, the response 
of the client to the message is noted and used as pan of the Authentication Process. 

Client Response Time may be Used for Authentication. A rhessageis ieWfrdni the authentication 
server to the requesting client which orders the client to take a particular actibn.^The response 
time of the client is measured and used as part of the ^ autheriticauort process;^ < 

The invention ties each authorized user to a particular authorized client. 

the novel aspects of the ihvehtioh's ' 

authorized user. That is, its novel aspects require no additidhy^wbrk^for' thel^gitimafe user. 



The invention creates an interactive method of 'tom^uteP network security- : ^ 

( fhe'invention includes spoofing c6unte*r-iT^ 
changes in the Authentication PfoceisV 1 ^ xu^ut-.oim - asvii?* >• 

< .- 

: ■ *• ■ f 'v;? - " ' " ^ - >' . iv. r:iy <:v;. ?r;x u -v-^m r,\h q: wr»^olA { : r 

The invention changes the> dynamics between the network and the unauthorized user. The 

invention gives network administrators an entirely new dimension in which to pursue security. 

Clever network administrators will find additional ways to employ the basic concepts of the 

invention to thwart unauthorized users. 

The invention raises the hurdle to gain unauthorized access to a network. It does this by 
redefining the dynamics of the hacker / authentication server battle. That is, it forces the 
unauthorized user to do things (e.g., finding satellite positions, radio transmissions, 
electromagnetic pulse generation, signal analysis, telephone fraud measure, etc.) that are not just 

11 



SUBSTITUTE SHEET (RULE 26) 



WQ 00/69111 



PSCT/USOO/12642 



clever uses of software. These are things that require large financial resources and access to many 
technologies: things that the traditional hackers:do not have. 

Among the benefits achieved by the invention may be one ormore of the following: 

1. Make computer networks more secure ' ; : ' 

2. Create a network security- system that doesn't just rely solely on the analysis of digital messages 
sent from the client to the authentication server for. the authentication process. 

3. Create a network security system whereby the computer network itseif empirically gathers 
information about the client/user and theniincorporates this information into the authentication 

- "process' : ■' ' ■" — ' ■••■*■ : - c '" ? - , * , * ,, ° * ' • • '* - ; - * • ; - ' ' 

4 Raise the Hurdles to unauthorized 'ae©SS5 so as to essentMly eliminate d 

from the ranks of potential unauthorized.usersrThat is, only extremely well funded and 

• technologically sophisticated bfgahizations have any possibility of overcoming the hurdles and 
'gaining^ ' 

5. Make the novel security measures of its Authentication Process transparent to the authorized 
users. -v 

6. Change the dynamics between the Network andthe unauthorized user. ' • 

The invention creates an authentication process that gives the network administrator an entire 
new class of authentication methods and data to use, using an authentication process that can't be 
fooled by traditional hacking techniques r • ; * - ; 

The invention gives network administrators an entirely new dimension in which to pursue security. 

• In doing so it changes the dynamics between the network and the unauthorized user. This alone 

12 



SUBSTITUTE SHEET (RULE 26) 



WO00/69W1 



PCf/US00/i2642 



adds to the level of security for the Network. Glevennetwgr^ additional 
ways to employ the basic concepts of the ihvention:to>thwart unauthorized users. N v c. . . 

7. Use the* concept of "empirically gathered data abdut a subordinate ^in ^eas.oiitside computer 
network security. These could be in areas such as: a system that can physically locate a teenager 
who is away from home or location of patients who could become incapacitated^ > 

8, ; Use the^ concept of "encryption 1 with decryption -based on ;a ; physipal property of the recipient" 
in areas other than computer 'network security. ,j ^:y; y ? ;^ j<r u ^ , . 

i. 

r ln somedmpiementations of xhe invention these and other benefits are provided by. a; combination 
? ..including: A computer network .with an authentication^ several 
software packages, routers, firewalls, and communication links. The clients have, monitors, 
keyboards, CPUs, memory, antennas, radio transmitters, and a means to convert a digital signal 
from- the CPU.into a command-to a radio, transmitjeiv. ; Also jndudedjn th# invention is an - f 
empirical data- gathering 'device such as ai satelliter^TWsLdeyiceiis equipped with an antenna for 
transmission? and reception :b£ radio, on othei:^^ also.has software 

that includes, but is not limited to, package that 
receive and send messages to the Authentication Server. 

BRIEF DESCRIPTION QF THE DRAWINGS ^ ... 

Implementations of the Invention are describe^ with reference to. the drawingsjnvjyhich like 
elements are denoted by 'like or similar;numbers ^and ^ : . n : ,* f 

Fig. 1 is a high-level block diagram that is useful in v unders;anding the topology of a computer 
network and its security system in the Prior Art. 

Fig. 2 is a combination high-level block .diagram and flow diagram that is useful in understanding 
the operation and attendant problems of the Prior Art for network security. 

13 



1 SUBSTITUTE SHEET (RULE 26) 



> 

o 

PC\"/US00Vl2642 

WO 00/691 1 1 



1 R.3 is a combination ^ Woe, digram and flo« diagram that , usefu, * J"*— 
^ operation and — ^ of*. Anfor netwo* securuy when b,ome.nc da* ,s 

' included in the authentication process. ... - 

" Re 4 is a combination high-level No* diagram and flow digram that « useM 

ml operation an. system of the computet netwo* security Authentication Process accords » a 
- preferred embodiment of the present invention,, .., - 

10 F ,g. 5 * a htgn-ievei bioct d,agram show,ng how difreren, sateiiites intercept a dient beacon a. 

: different times ; ; 

■ F ,g, c ,sa biocV diagramming the disunceVD*, from each .atenite to the reusing die* 
Ca 

pig^ahi^leveibioWdiag^ 

puise ( 700,;ni«edWan'aut„on 2 ed cl,e„. CA : a, posttion Pa. and the three ttme-staggered 

„ f r ? 3T nnsition Ps trvine to fool the network 
_, v narro^^ • " 

security systeiTtinto thinking n is;at iP Qsuion, P^. ■ : : 

v 

M Fig. 8 ,s a high-leve, bioct d,agram show,ng the reiative distances to a particuiar sateiiite from 

, Ga and from G s ,q < 

r,g »A is a high ievei b.oc. diagram ed flow char, showtng the reiative difference, ^between the 
25 operatton of apreferred embodiment of the current invention andthe operatronof the Gioba. 

Positioning System. 



14 



SUBSTITUTE SHEET (RULE 26) 



WO 00/691 Kv*T " PCT/US00/12642 



Fig 8b is a high level block diagram and flow chart showing the sequence first of the spoof Cs 
emitting three staggered 'narrdw beanied^iilies which' try' to' fool the'cuh*ent invention's security 
system into thinking that its location is at r A and second the response of the Authentication 
Server of the present invention to order the satellites to transmit a narrow beamed message to Pa 
as.a means of exposing the,.spoof ■■[. r . ; w . .v V ...h ..:■.;,-/ - •.' i ;^ -:\ :i :i , v , , , : \ 



Fig. 9 is a high level block diagram and flow chart showing the three partial sunris-f J *-7~f 2 , and 
f 3 that superpose at the point Pa to form the command f ( t. Pa) which is only intelligible in- 
the-ciear at Pa. These partial sums can be omnidirectional beams or narrow beamed EM pulses. 

Fig. 10 is a.diaeramshowine the shape* and time dependence of a signal to be transmitted to the 
client. 

Fig. 10A is a high level diagram showing how a signal f ( t, Pa) might be modified by using 

* .' l v *- ,J - - ' !* .*r> ^JrvKTiiiii rn^si; - I i ^vsi -..vvi i ' "! 

only a finite number of eigenfiinctions and still be acceptable for our purposes. 

' r. .. —'.-r- - 1 .. ' '■ r^.t .' : ;.v.-. f r- ;^^:u^i ? j h^n^rh?.:;: r t B y\ {OO'n ;^h>^ **' 

Fig. 1 1 is a graphic represetuatioiVof the partial^decbmpo^h ^SSi^^^'SS^tig t ^ at 

they are individually unintelligible but that their superposition f6rfns the: intelligible'sigftal 

f(t, Pa). 

Fig. 1 1 A is a graphic representation showing how the shape of an EM pulse remains the same at 
Pi and Pa but that it has been shifted on the time axis. 

Fig. 1 2 shows the time dependent graphs of the functions I , t t and I as they appear at the 

position Ps and that they are displaced in time relative to one another and that therefore they do 
not superpose to form an intelligible command. 

15 



SUBSTITUTE f SHEET- (RULE26) 



WO 00/691 1 1 PGT/US00/12642 



Fig. 13 is a high level block diagram and flow chart showing the sequence of the Authentication 
Server ordering the satellites to transmit partial representations f * . f and f 3 to the position 

Pa arid then the partial representations actually being transmitted. 

5 

Fig. 14 shows the time dependent graphs of the three partial representations that have now been 
disguised to thwart mathematical analysis by a spoof. 

Fig. 1 5 is a graph showing how the command signal could be broken into three time-sequenced 
10 parts that superpose, at the desired location P-A-.to form an intelligible message. 

PET AILED DESCRIPTION OF THE INVENTION , .< 

The present invention provides an improved system and method for authenticating clients and/or 
15 users as they request access to computer network systems. Generally described; the invention's 
authentication process is based on analysis of empirical data obtained directly by the network 
about the client and/or user and is not solely based on analysis of digital messages created by the 
client. 

20 The invention uses data that the network itself empirically obtains about the client/user as the 
basis of the authentication process. There are many physical quantities that could be used to 
authenticate a client/user (e.g., physical location, emission spectra in various electromagnetic 
wavelength regions, internal clock phasing with respect to a network master clock, biometrics of 
the user, etc.) And, for each of these, there are many methods by which to obtain empirical data 

25 about that physical quantity (e.g., satellites equipped with Remote Sensing devices, ground based 
equipment, etc.) A variety of physicai quantities and methods of empirically measuring them by 
. the Network may be used to implement the invention. . 



16 



SUBSTITUTE SHEET fRULE 26) 



wo;oo/69tii 



PCT/US00/i2642 



An example of the invention will be described that is based on physical location of the client as the 
quantity* to be "empirically measured arid which Uses satellites- tb ; measure this quantity! 



The example will now be described wiih reference to Figure 4. In particular, as shown in Figure 
4, the overall system according to the present invention includes: A computer network including 
an Authentication Server (200 ) , one or more remote clients (104), and a communication link 
{ (505) . The clients Have monitors, keyboards CPt/s, : memory (RAM and hard disk drive), a means 
to convert a digital signal from the CPU into a command to a radio transmitter/receiver (105), and 
a radio antenna (106). Also included are empirical data gathering devices such as satellites (601 - 
603)' [or, for example, microwave antennas, cellular phone infrastructure^c.] These are 
equipped with antennas ■for reception of radio brother felSectro magnetic* radiatidnV computer 
hardware and software to receive and send messages to clients, and to receive and send messages 
to the Authentication Server. [Note that^^^ 

network hardware and software (such as routers, firewalls, gateways, etc.) is included.] 

.-In Figure 4: • ? .^m^r ■■■ *v i.irn\q:?^r* o: n^-j-^ x«?»i*p?>\' '-^vn m£> 

• ~ ^-ASC i -Auth^ntibatibh Served 4 1 v ' susvlsnn no L-^-i ^ ™>-<q r^:*^..*.';.; , 

Ca- An authentic client trving to access the svstem 

CPUa - Central Processing Unit of Client A 

Ra - 'Radio^lr&nsniitte^^^ Swum 'nn t:A< %\~., ^cr^v- j. 

Ta- Antenna 

, , .... E.L- Satellite (i =, 1, 2, 3,)^ :>j , ..» fir { n : .^ G i , _ AV . , ;ar f - r ^ r w,^/ 

Beacon Signal Method r : : -.. v t r ; S. x^,-^ . ; ::y; u , ': 

Assume that this is a "closed" computer network and that the network has-'controi" over the 
remote client computers. 



17 



SUBSTITUTE SHEET (RUXiE 26) 



WO 00/69111 



PCTAJS00/I2642 



5 



In this specific embodiment the word ■•closed" means that the network limits. access to specfic 
client machines. [In-other embodiments, this limitanpn could be, removed.] These clients have 
hardware/software configurations that the network itself can .determine. So. for example, a user 
cannot just take the Network. access software and install it on any P£ to gam access. The 
Networlc .therefore. .s different from the traditional ISP such as America On Line. 

The word "control- means that the network can dictate certain issues.For example: 

o ' It ^an pnfigurethe^ardware and software that is on th^ Such as. it could 

require: 

i) the use of a Branded CPU such as the Pentium III with Processor Serial 
.., .. Number trpm Intel, . v.': >*?•■' ••" 

"' ^ ; ' '[ ii). the installation of PC .Anywhere or similar software that will allow the 
network manager to take control of the client. ■ . 
" " , f iii) the placement of client specific information into hidden Nonvolatile Read 
Only Memory (ROM) of the client. (This could be done in * similar 
' .fasmpn-tohowBIOS/Hash information handled. Tliis. information could 

^ , include for.examRlej.a.vanety of different commands, a random list of 
signature pulse signals, etc. ) 

iv) the installation of a highly accurate clock which is synchronized with a 
^ ^ v , ft . central , network clock, [ Similar. to those used by the Global. Positioning 

System (GPS). • . . « . . . ■ - 

v) a radio transmiwer and antenna to be connected to the client, 

o it can demand that each user be restricted to a specific client. (This coordinates User 
Credentials with physical location of the client.) 

' o it can demand that clients.not be physically moved.. without authorization from the 
network. 

30 ' o It can demand'that a client go through an initialization process. 



o 



15 



18 



; SUBSTITUTE SHEET. (RULE 26) 



WO 00/691 1 1 J 



PCT?TUS66/i2642 



' ^ : AVhen a new lisei" is' brought onto the 1 rietwdtk^an 'official froth' the network administration 
• could go' to tKe physical location 1 of the authentic user anfr install the 'client; Me could then 
' ^ ? do anynumber of thirigsl such as: vr : 1 - r * : - 

J - execute trial runs ( io see what the client's response tirriib'is to'&rif order from either 
; - the Authentication Server or 'the satellites' to transmit a' r spefcific fneslskge, 

- having the client / Authentication Server linked through PC Anywhere such that 
; * the cohimahds to the ciierit arte being given directly byWe Authentication Server 

^ v - using a G16bal ; Positioning "System (GPS) device^W 

client. ;. c -....-> 

Electronically connected to each client's CPU is a radio sigiiai trahskhitter/receiver. Within the 
^network/ bach client' i's' Assigned a specific eiectrorhW [br a random sequence of 

such forms hidden in Nonvolatile ReaS Only Mefnbry^RBM)} tKat tf is : only used by that particular 
client: There arfe also at least three skteilites th^ Network. The 

primary function of these satellites is to gather empirical' data about the clients and to transmit this 
data to the Authentication Server; In addition^ these W^llites could*' also be used to send and 
receive information from the AuthemicatibWIS&ver information from the 

clients. \ - Mnngy. ttiti*:\ ^r-sx^s 5jc j 

While hot required in all implementations; thesd features j: in& JiSrdvvare allow the Network in this 
example to institute a novel security system for network acceiss/ This security system will now be 
described in terms 'of the steps of an Authentication^ Process: ,r { - * 

1) The user uses his client computer, Ca (104) / and its" software to"' request access to the 
Network ( 200 ). This client, which is configured by the Network, has specific hardware 
and software pre-loaded on it related to the Authentication Process; 

2) When the client's Network software is opened, it prompts the user to enter his User 
Credentials into a certain location on a "Network LogOn" screen. This could include, for 

19 



SUBSTITUTE SHEET (RULE 26) 



WO 00/691 II 



PCT/US00/12642 



- example, his user ID andaecess code: ( 123. XYZ). It could also contain, for example, 
biometric information. Processor Serial Number, encryption keys (.public/private), etc. 

5 .:. - ;3) The client's software translates the credentials into digital information. 

4) Data is transmitted to the Authentication Server; Empirical Data is obtained 

a) The client's software then creates an electronic message that includes the digitized 
10 - credentials (as shown in» Diagram 3) 

" " J . 1 " ' Diagram 3 ; ' \[\ \ 2 I 3 I X | Y | Z | | i I 

; When the "Connect' -button on the Graphic User Interlace (GUI) screen is clicked, the 

15 software forces two events to occur: ? - ? 

i) the above electronic message is transmitted to the Authentication Server via 
the normal communications link ( 505 ) 
r- 1 "* ■ * ii) the software orders the radio transmitter Ra ( 105) to emit the beacon signal 
(700) from the antenna Ta ( 106) with the pulse signature that has been assigned 
20 to this particular client. 

b) Empirical Data on Client's Physical Location is. Obtained 

The act of transmitting the credentials to the Network triggers a radio beacon signal to 
be emitted from . the client. (The user doesn't have to do anything additional to have 
25 this beacon emitted. ) This beacon signal is typically a spherical (i.e., omnidirectional) 

1 1 EM wave with a unique pulse shape. 

The radio signal is detected by the satellites Ei (600). The satellites note the client's 
signature pulse and the time of reception, t A i , tA2 » and tA3 of the pulse. The arrival 
30 -, t i m es will, in general; be different for the three different satellites. (See Figure 5) The 

. results of these-measurements are transmitted to the Authentication Server. [Note that 
■ in other embodiments there will be other quantities measured, such as: direction of the 
EM beam, polarization, etc.] 

20 

SUBSTITUTE SHEET (RULE 26) 



WO 00/691 IT ^ " PCT/US00/12642 



, Jt is important to, note that the present invention, differs from the Prior An at this point 
"» inrtwo. fundamental ways: < ' r;r j • ; ^ r *» 

i. the authentication data is different from the prior an. 
. ii. the method for obtaining that data is active (empirical): xath^r then passive. 



7. L .\ i\5) Checking;for Authenticity: A Two Step;Process "... 

a) The Authentication Server has in its/databaseta list q£digitized ^credentials for all 
10 authorized users. When the electronic message from the client arrives via the normal 

communications link (505), the Authentication Server takes the user f s digitized 
. — < : credentials and:comparesjhese to the credentials it has stored in its database for this 
particular user. .i.'--r. j </■ ^.j^; "* 

15 b) Using Empirical Position 1 Data?l^o^Detennine:Authenticity 

i) ,The Authentication, Server ^ also has in ^ 
authorized client. (This can be obtained, for example, in an unequivocal manner 
• ' ' ^ ^ bly having a'Network Official use a Global Positioning System (GPS) device 
during the initialization process. OrfCe this 'physical "position is established, 
20 movement of the user's client is restricted to a cenain physical region 

established by the Network ) 
' - ii) The Authenucktioh Se^ 

direct measurement of the clients beacon signal, i.e., Lai , *a2 , and Ia3 - 

iii) The Authentication Server uses beacon signal ii^orniation^o calculate the 
25 location of the client. (See Below) 

iv) It then compares the actual position agairist^the registered one. 



, c) Both the User Credentials in (a) andjhe physical locatioain (b) must match the 
information stored in the Authentication. Server's database for, access to be given. If 
either, or both, of these quantities do\not match those in;the database, then access is 
denied. v~. . yJ 1 



21 



SUBSTITUTE SHEET (RULE 26) 



P'CT/USOO/12642 

WO 00/69111 



5 



1 : > u the salel ii tes the 

Note tha, the radio s,gnal is a beacon no. a message. That ,s. do 
, 0 iio„ of the client <e. 8 .. is not a message that says "the *. . a " 03 » W« 
L on„tudeand 14" North Latitude" ) Rather, the client's CPU 0 ^ ^1 „. 

' • ' ' ,„ emit a spherical wave with the client's signature pulse Thts ts detected by the 

calculates the position of the radio emitter, . 

Calculation iof Position 

(See Fteure^) - : ; ■ ; - 4 *'*. " '" : " 

The Netwo* Admuustrauon ^ the ,os,ion of aU authorized clients and their radio 
U aiso k no„s the posuions of the *ree sa.*es 1, therefore can calculate the distances Dm . 
, D«, and D« from.he client C A to ea^ of - ="9 *■» < 

Consider the 5 situation^ Client see^ access has etniued a sing.e beacon signai at time 

, embodiment.,, is these times that are the emptricallv measured queues, 

The goal of the system is to confirm the pnvstca, location of the client, if the distances Dm , 
D« and D« were Known ,h,s would give us the poshion. That ts. Itnowtng these distances 
would-given us three simultaneous q uadra,,c equals with three unsown, 
5 compo ed of the pomts tha, .he signal could have come from., These eouauons can be^ved to 

spheres intersect. 



on 



SUBSTITUTE SHEET (RULE 26) 



PCT/US00/12642 



The issue then is to calculate the distances Da l, Da2 , and Da3 from the empirical data tj\i , 
tA2>, and t^3 .There are several ways to do that. A specific example will now be given. 

* v. * : * < . v '■ v. "J" ' ' . " : .' • <\sr- i '">. ; > >; -;; •" j; ** r: ,•/•;<..'.•' 

Consider the situation where the Network has electronically configured a very sensitive clock that 

is synchronized with a central Network clock on all authprized clients. [Sensitive clocks of this 
type are already being used by the Global Positioning System (GPS).] this clock ticks off "time 
segments" of some specified length (e.e. five seconds). These "time segments" are further broken 
down into smaller elements (e.g., milliseconds.) Each authorized client is assigned a beacon 
signature pulse form and a specific element within each "time segment" during which to transmit 
its beacon pulse. For example, client Ca could be allowed to emit (transmit) its beacon at the 50 

millisecond mark from the beginning of a "time segment." This time is labeled * as: tfe®'-* 

The Network has a highly accurate clock that all the client clocks are synchronized with. 
Therefore, the Authentication Server knows precisely when every "tiirie segment" starts' and what 

the assigned t\ G is for each client: So thit wheft it%ceives the emjDiricaily 'm tAl » 

*A2> an d t^3 it knows the transition times, ( t^j - t,\e)> of the pulses from the client to each 

of the three satellites. This then allows it to calculate the distances from 

- . • .■ <.*.'" ' v " ?S'i>:i\ t^;;;/ srfj "-/d hr:::^)U^i '>s-ni f*s/i sid;- h;,r, 

[Equation 1] : rf ' ^ " ^ — ; ;| v ^ - ^ -^^<,v^ r 

Dai = c(tAi - tAe) c = speed of light 

- l - * ; . -u -7 ' time'si^£d'Ms' } eniitted-by Ga^- v ^ 

tAi = ^time sighal is received by E i 

[Note that the "time segment" has been chosen to be large enough so that the signal from every 
client can reach the satellites before the next "time segment" begins.] 



23 



SUBSTITUTE SHEET (RULE 26) 



WO 00/691 11 



PCT/US00/12642 



: We know that there is only one spot on the earth that has the same set of distances Dai , Da2, 
and Da3 . Once we calculate these, we can compare them to the known physical distances that 
„have,been stored, in the-database .of .the, Authentication Server for the authorized client Ca . 

Almost any degree of accuracy in position determination is possible . The primary limitation is 
cost. But whatever method and accuracy is chosen, there will always be a "cell" within which the 
client must stay in order to satisfy the criterion of the Authentication Process. As we will see, the 
smaller this cell is the harder it will be for an unauthorized user to gain access to the network. 

. The.invention achieves several benefits compared, to the- prior an. namely; - 

1 . The invention uses information empirically gathered on the client by the Network itself 
as a key basis of its authentication process. 

electromagnetic radiation.) 

" ' c " :: V:The ii^ention'raises the hurdles by requiring an unauthorized user who is trying to gain 
access to the Network to nbt only possess hacking skills, but also' to overcome the 
empirical data gathering system. (In some implementations this is the 'location 
1 determining system^ This is expensive and requires skills that are not in the traditional 
hacker's repertoire' 1 It also means that he must have particular information not only about 
the user but also about the user's assigned client (e.g., he must know the signature pulse of 
the user's client.) 

4. The user carries out the invention's Authentication Process without any additional 
' steps. In fact, the authentic user will riot even be aware that additional steps are being 
executed. Therefore, the network has become more secure without additional annoyances 

~ 24 

SUBSTITUTE SHEET (RULE 26) 



WO00/691iT^ 



PCT/USOO/12642 



to the legitimate user, Key stjeps-of.the jnven^o totally 
transparent to the legitimate user. 

* * 5. The invention cannot be overcome with hacking 

sent to the Authentication Server. Instead it requires a host of non-hacking skills and 
■ r - methods to penetrate its security measures / ^ > .% , ;^ -.; v * vrv .\xv;L v 

: :6. The invention^gives network administrators an entirely new : dimension in which to 
pursue security. In' doing so^it changes the -dynamics; between the network and the 
unauthorized user. This aione adds to the level of security for the Network. Clever 
network administratorsrwill .findradditional ways to employ the invention 'to athwart J 
unauthorizedjjsers. 

As we have seen, the invention is not susceptible to the traditional hacker's trick of just sending an 
electronic messaee to the Authentication Server that mimics the messaee an authentic client „ 
would send in the authentication process. , 

But, as with all security systems, it can be fooled. Some of the.methods bv which.the system's 
defenses could be compromised are listed under the next section titled "Spootine." 

As will be seen, the Spoofing problem quickly devolves into one reminiscent of the Radar Field. 
That is, for each measure taken bv the network to stop unauthorized access, the spoof attempts to 
break it down with a counter-measure. To which there is, in turn, a counter-counter measure. And 
so on. This is very similar to the situation that has existed in radar since World War II. 

The following section will go through several generations of measure / counter-measure, the only 
limit to this being the ingenuity of those playing the measure / counter-measure game. 



25 



SUBSTITUTE SHEET (RULE 26) 



PCT/tlSOO/12642 

WO 00/691 11 



But a key element of the invention will 'not change, namely basing network security on direct (or 
quasUdirect) empirical measurements of physical quantities of the client/user and then including 
these measurements as part of the authentication process for access to the network. 

5 The fact that the Authenucation Process is not foolproof in no way detracts from its benefits. 



Spoofing 

to • 'The invention includes "a system and method for empirically obtaining user/client information and 
then including this information as part of a computer network authentication process. 

, -Anexample ofthe invention has-been described that uses physical location as the quantity that is 
empirically measured. Other physical quantities could be used. In addition, the preferred example 
15 uses a particular method to obtain the empirical measurements ofthe physicatlocation. Other 
methods are possible. 



20, 



25 



30 



Spoofing is^he act of an unauthorized user. C S, trying to represent himself as an authorized user, 
Ca He does this by.fooiing. the system into thinking that he not only has the proper User 
: . Credentials, but that he also has the same empirically measurable physical quantities as the 
authorized client/user. In the example described above- this would be fooling the system into 
thinking that the spoof fi e:, unauthorized user) is at the proper physical location. 

The response then ofthe Network to this is to employ a new (or an additional) method to obtain 
further empirical data on the user/client, i.e., the invention s authorization process is modified. 
Unauthorized users will then try new methods to fool it. This then spurs yet additional measures 
on the part of the Network. , 

Three additional things should be noted. 

26 



SUBSTITUTE SHEET (RtJLE 26) 



wo 90/69114 



PCT/USOO/12642 



J.) The .invention ( ha% raised the hurdle to unauthorized access. For example, whereas in the 
prior , art the. hacker could just try ta guess access codes and ED's. the potential, 
unauthorized user must now come up with additional information such as; 

- pulse signature for a specific client 
, r position of satellites 

- information specific to a particular client, e.g., pulse signature, processor ED, 
clock synchronization ( such as that used by the Global Positioning System), 
possible hidden information that is built into non-volatile ROM (similar to how 
BIOS/FLASH information is installed), time coding of hidden information, etc. 

v : - - distance from C/V to.Cs 1 ,ThiSrmay ;i require,gping 39 the exacuphysical location 

-;. x~bf the client that is the, target of the.spoof: ; , .'*■;;. u j'/'.iuL: : usA' 

- knowledge of which ciient a given user is assigned to. (In a building with several 

/^uh-M, z u\: : ^ ~ authorized : users, this- 

ii ) In the example^ authentication works by requiring each user to use a particular client. It 
also includes both empirically gathered client clata an^ 'user credentials as part of the 
authentication process. 

Because of this, the authentication system of the example has the additional benefit of 
exposing users who are potential security risks. That is, for a spoof to break into the 
system, he must have intimate ichowledgie about^Bbth^he user aiid thfe ilser j s client. If a 
spoof tries to break into the ( system, and*;only:partially succeeds on the'firsMry v -he will 
■ : expose. which -client and user he is tiying^o^mimic; The Network* AdministrMor would 
definitely want to discuss this ^with the authentic user. ; V-:„:y u^/.k: 

The invention has taken away from the hacker the trial-and-error approach to breaking 
into the system. 

iii )'Employee Spying 

The authentication system could also be employed to stop random employees from 
logging onto the system using their fellow workers computers. For example, if employee 

27 

SUBSTriTITE SHEET (RULE 26) 



WO 00/691 11 



PGT/US00/12642 



X decides to use employee Y's computer he could do so under the prior art by just using 
his own access code. But in the example authentication system, he would be denied 
because his access code is only authentic for. his computer i.e. his computer's location. 



Several generations in the Measure / Counter Measure battle will now be discussed. 



10 



Spoof: Time-Staggered Narrow Beamed Pulses 
(See Figure 7) 

Cs - Spoof trying to appear as Ca 
PEi - Position of the satellite Ei ii=!.2,3) 
DAi - Distance from Ca to a satellite E i (Figure 6) 

, Dsi - Distance from V£ Cs to. a satellite E i. : (Figure 7) ; • v . r .,,- ,.•< 
Das - Distance between Ca and Cs 
Pa : Position of the authorized client 
15 • ,Ps ^ Position of the Spoof-.. - '•• . : , •:• - . 

.« ? v r . ■'; ^ .* tAe' --Emission time fronvCA of a signal the spoof wants to imitate 

tsie - Emission time of a spoof signal directed at satellite E i < i = 1, 2. 3) 
. tAi - Time that a spoof signal is to be received at the satellite^ i ( i - I, 2, 3) 

20 As we have seen, in one example of ; the invention, the Authentication Process works by having an 
authorized client. Ca. emit a beacon (700). This beacon is, for example, a spherical radio wave 
of a given frequency and/or pulse shape. fNote: This could be any frequency of electromagnetic 
radiation, or even non-electromaghetic radiation:) The emission is just a beacon. It is not a 
message stating the location of the client. 

25 



28 



SUBSTITUTE SHEET (RULE 26) 



wo oo/69 rm 



PGT/USOO/12642 



In the example, there.are satellites (possibly -three^or more) that intercept, this beacon signal. The 
satellites record the time f tAi V tXi' v t^i ) thai- each ; of therri intercepts the beacon pulse. This 
information is then transmitted to the Authemicition Server compiiteV "From 'this empirical data 
the location of the client is determined. 

% * - " * ' » * ' ■ i ■ ■ -*1 - ; .-! ■ " • - t * ' ■ t- * ■i ■ - • ■ , • • - i * c •■ 

' . ■ j - t . - ■ • -J 4 < . . . . i .<-_«.' . \ -i ...... « 

Even if the Spoof, through some method, has obtained the characteristic signature pulse of the 
client Ca , the assigned emission time tAe , and the credentials ofCA' s user, he still must 
overcome the invention's "location determining system." He couid try to do this by emitting radio 
signals from his position Ps which are received by the satellites and misinterpreted as being from 

the position Pa 

As an example, the Spoof CsVcouid try to defeat" tlie kuthenticauo the following 

way: - -•' Vu ' u ' - f:: - - • 5 A ~' ! 

i) He must determine the position, ' Pa ; of thef authorized user. One way to do this is to 
use a GPS (Global Positioning System) measurement to 'get the 1 precise coordinates 6f 
Pa. [Obtaining this^information is ia non-triyialyexerci?^ and J>hel^forexaises the hurdle to 
unauthorized access. ^ y .. t > , 0 . < . f .-. v - 

ii) He needs toiknow the distances Dsi.and DAi v;(4;r= l,.2;0).npne way to do this is to 
get the exact positions of each of the satellites PEi as a function of time. Once these are 
obtained he can calculate distances Dsi and Daj from his location, Ps, to the satellites 
and from the authorized client's location, Pa , to the satellites. [There are many ways to 

. get the positions Pel One.of these is : to. use Radar.] . .. , t; , ^ .... 

iii) Calculation of Beacon Intercept Times For 

29 



SUBSTITUTE SHEET. (RULE 26) 



PtrfAJSOO/12642 

WO 00/69111 



10 'V 



15 



20 



25 



By knowing the Da, the spoof can calculate what the relative intercept times ( t M , W 
' : tA3 ) would be of a hypothetical spherical wave beacon emitted at tAe from the 
' authentic client Ca to the thr^e satellites.' Remember that it is these times that the 
; satellites record as empirically gathered data on the client. And it is these times that the 

Authentication Server uses to calculate the position of the client. Therefore, it » these 

intercept times that the spoof will have to artificially create with a spoof EM s.gnal m 

order to fool the invention's security system.) 

0 Calculation of Radio Emission Times For The Spoof Signal From Cs 
The spoof wants to emit signals from his location so that they are intercepted by the three 
satellites in the same sequence as thev would be if a single spherical wave were emitted 
from C A. One way to do that ,s to emit three separate narrow beamed signals, one to each 
satellite [Narrow beamed signals are required because if the spoof used three broad 
beamed signals each would tedeteeted by more then one of the satellites, thus revealing 
him as a spoof] But he must determine the proper sequencing. He does that m the 
following wav: 

Assume that the Spoof wants to imitate a hypothetical beacon signal emitted from 
CAatapamculartime. Label the assigned time of emission as tAe. The 
spherical pulse wave would be received by the three satellites at times t A1 , tA2 , 
tA3- The Spoof calculates these times from:. 
[ Equation 2 ] 

tAi - Ue= DAi 



Here ( t A i - tAe ) = transition time 
c = speed of light 



30 



SUBSTITUTE SHEET (RULE 26) 



PCT/USpO/12642 



He now must calculate the time of emission, tsie (> = 1 * 3 X of each of his three 
narrow beamed signals such that they are intercepted at their respective satellites at 
the time Iai Since he knows the distance, Dsi , that each beam must cover and 
the time r t^., at vyhich he wants it to arrive, he can . write: ^ ( . ( 



[Equation 3] 



Ui - tsie = Dsi 



10 



15,..' * 



v i^r; : ■:■ ■» Where^t/a; - : >t S ie : ),^ trsraitipruime , <(i o: v::v , cn0 A ; > 

, : , ^Solving Equation (3) for tsfe- :gives^ 
[Equation 4] 



tsie = - ©Si 



20 



Substituting for Yrohi EquatibiV r (2) gives: - 



25 



[Equation 5] 



t Sie - [ DAi - Dsi ] 



tAe 



31 



SUBSTTTTJTE SHEET (RULE 26) 



PC'rAJSOO/12642 

WO 00/69111 



I) 



15 



20 



25 



.-The Spoofthen knows-thatif he emits three na^wfeeam^.^s at the staggered^ 

■ tsie.'tsie. andt S 3e , respectively, to the three satellites E \ , ,E- 2 ,,E 3. they willbe 
received at times t.\l ■ t.A.2 . an<1 *A3 

iv) Spoof Authentication Process 

The spoofthen starts the Network Authentication Process as has been previously 
described. But at step 4 (b) he replaces the single spherical wave beacon that the authentic 
client Ca would emu. 'v#h three spoof beams,The spoof beams are three narrow beamed 
radio signals with staggered emission times t S ie , ts2e > and t S 3e ' The satellites E i 
"' intercept these narrow beamed signals and record the intercept times t A i , t*2 , and t^.. 

The satellites would send this empirical time of reception data to the Authentication 
' ' Server The Network would then use the above described position calculation method and 
erroneously conclude that the signal had come from the authentic client Ca. And would 
thus allow access to the spoof Cs. 

Network Counter-Metres to < - , 

The Network must now try to implement methods that would expose this type of Spoof We note 
that the spoqf CTs. differs trom:the ! authentic client. CA.in.at least four fundamental ways: 
i): He. is in a different physical location. , 

») He is emitting a different signal form (i.e., Ca emits one spherical wave whereas Cs 
emits three narrow beamed signal.) 

iii) He does not have an authorized client. The authorized clients have hardware, clock 
synchronization, hidden BIOS-type nonvolatile ROM with Network information stored in 
them, and other client specific data registered with the Network. ■ . .- 

iv) He is not being used by an authorized user. 



SUBSTITUTE SHEET; (RULE 26) 



S9111 



WO 00/6911 1 * PCT/USOO/1 2642 



The invention's approach is td enipioy an' additional empirical process to measure one or more of 
the above fundamental differences* and^then to;include.these.in the Authentication Process. This 
will expose the spoof and deny him access to the network. Some of these will now be listed. 

Any one of the following steps may be added to the invention's Authentication Process. 

a) Interactive .Approach 

After the first five steps of the Authentication Process that have already been described, 



additional ones can* be a^^ 

10 ^ ^-Authentication Server orders.theTequesting client to, emit a particularxadio signal "now." 

r The Network then knoyvs the time the signal was emitted and the time it was received by 
the three satellites. It can then calculate the distances from each satellite to the emitter and 
, ^ compare these : to, the Dai it has m its database for the authentic client. (In this method, 
,the Authentication; Server doesn t assume. that the signal was emitted at t\ c •) 

15 ' 

[Remember the example system is a "closed" system. When a new user is brought on, an 
official from the Network could go to the physical location of the authentic user and install 
the client. He then does several things, such as:'" synchrony 'doing checks to 

see how long the response time is to a signal tb transmit "how". Having the client / 
20 Authentication' ServeVlinked through 1 PC Anywhere Vuch that- the coVnifiands-to' the client 
are being given directly by the Authentication Server;; etc. ; .;'Fheise valt; become part of the 
Authentication Server's database. : And can , be used at later times to , check the authenticity 
of an access request.] ■ ^ 

25 f r\ ; Spoof counter-counter me^ure^See figure .8) : t ^ y { 

The SpooFtargets a Client such* that'' ^ v - 1 v . * v . : 
Dsi < DAj for all i and j 

30 



SUBSTITUTE SHEET fctFLfc 26) 



PCT/USOO/12642 

WO 00/691 11 



If Dsi to all three satellites W less tKari Dm to all three satellites, then the spoof could 
build software' that would iake the Authentication Server command to "emit a signal and 
delay the emission to make it appear that the Dsi are longer then they are. 

5 ' " But note that this further raises the hurdle. First it requires the spoof to find an appropriate 
target client. And the fact is that there may not be one. Second, he is then required to get 
' the user credentials of the person with that particular client. 

: .> Continuing, there are a variety ofwaVs to employ the Interactive Approach. For example, 
10 there are many things that can be done to the client to make it unique. The Network could 

encdde irito- NonVoiatile 'ROM hidden information that is specific to that client. One 
example would be to include a prearranged, but random, sequence of signature waveforms 
that would be used for the beacon, this sequence is known to the Network but not the 
user. In fact, even if the client' were stolen, the information could not be obtained without 
15 - the Management Entity. And therefore, the unauthorized user would be in a position of 

• • having- to first obtain' ve^secUre-dafc in order to break-into the Network'. And even if it 
- , succeeded in getting' this ! data, it isn't, clearthat it would do the spoof any good. See 
: 'C r ounteriMea^resr ,;; ' 

20 The counter measure to the spoof would be as follows: After the first five steps of the 

Authentication Process, the Authentication Server adds additional ones by asking that the 
■> clients emit a beacon at a particular time. In the hidden memory of the authorized client 
. V ,. there-is i'nfdnnation as-to the pulse shape the client is to useforthis. The Authentication 
. • .. server (and satellitesYwait to receive the correct pulse shape at the correct time. If they 
25 ' •' • don't, access is denied. ' '» 



The approach of the invention is not to be confused with the Global Positioning System 
(GPS). GPS works in a very different way. (See Figure 8A) GPS is used by a client to 
determine its own position and to stop others from interfering with that determination; 



34 



SUBSTITUTE SHEET (RULE 26) 



r wo;oo/69Ti:n^ 



PCT/USOO/12642 



.. whereas in the invention, the Network is tryingtp empirically determine the position of a 
remote client and to prevent an unidentified client from misrepresenting its position. 



Comparison of GPS to the Authentication System:' [See Figiire 8A]' 

Authentication System - a single time coded specific, but random, beacon pulse is 
. transmitted by a requesting client. This is detected by multiple satellites. The 
Authentication Server uses this information to calculate the position of the 
requesting client. 

.: , - GPS ^-.multiple satellites send p t ut tjme,poded specific^ but random; signals. These 
■ v: ; '< t ■ ,i are detected by a (3PS. receiver andjfrpnvthe relative 5 time sequences of the . ; - 
\j . - , u > - J i . reception of the different signals -the /cepeiyer^cm^ 

15 v,b) Spherical (Omni-directipnal) Wave petection }0r>i > ? -.^ , , ^ 

; In this counter-measure the Authentic^ My,availat>le technique to detect 

, omni-directional radio.waves^ If it .does^-t^ ; 0et.gct or^-directiqimi waves, ; it denies access. 
/ That is, it uses/some method to distingu^^ 
-there could.be additional satellites that ^are.not publi^ the system. 

20 These will intercept the spherical waves but not the narro^be^ 



10 



; • *! c) Angle Detection ■■ ,* = * r;':^.;-!.,';---.;;^ -;j;vv ^ ^v^: /vvi 

. The data stored in the Authentication ^Server database includes not just : the position of all 
25 .; ( i . authorized clients but also the direction The satellites 

* could carry antennas equipped «tp detecr ; the r direction from .which the emitted signal is 
coming from. (These could be Phased Array antennas/pr example. . ) This ; additional 
empirical information could then be checked against the Authentication Server's database. 

~ The directions measured* will be different for Ga and Cs. . l - r 



30 



d) Satellites Emit Narrow Beamed Command To The Client 

35 



SUBSTITUTE SHEET (RULE 26) 



WO GO/69111 



FCT/US00/12642 



The spoof has started an authentication process by transmitting to the Authentication 
Server its User Credentials and by transmitting radio signals to the satellites that are 
deliberately designed to be misinterpreted as the beacon frdim the authorized user Ca. In 
other words, an unidentified client wishing to gain access to the system is. in fact, stating 
that it is at the location. Pa. of the authorized client Ca . (See Figure 8b - Top Portion) 

This counter-measure verifies that statement by adding the following steps to the 
Authentication Prpcess: The Authentication Server orders one or more of the satellites to 
transmit a narrow beam command (See Figure 8b r Lower Portion) to the, physical 
position that the client is supposed to be at (again, this can be done with Phased Array 
antennas for e.xample. VT.his message directs the client to do something that can be 
verified, e.g., send a particular message to the Authentication Server. If it doesn't respond, 
access is denied. 

client Ca. Therefore, again.' the hurdle to unauthorized access has been raised. 



e) System And Method For Encrypting Messages To A User/Client With Decryption Based On 
* Inherent Physical Properties Of The^yser/Clieht 

The general concept can be stated as follows: Information to a recipient is encrypted in such a 
way that certain inherent physical properties of the recipient itself are used as "keys'* that 
automatically decrypt the messages. This is an inventive concept independent of computer 
network security invention. The remainder of this section, though, will be devoted to disclosing 
how this concept could be employed in the area of computer network security. Appendix E gives 
a more detailed description of the basic concept and two additional examples of how it could be 
used. [See also pans (e) and (j) of the section titled "Alternate Embodiments"] 



36 



SUBSTITUTE SHEET (RULE 26) 



r\vp 0p/691vH PCT/USOO/1 2642 



In the case . of computer network. securii-y.r.messages to the requesting . user/client are encrypted in 
such a way that certain: inherent, physical; properties; of the user/client itself are used as "keys" that 
automatically decrypt the messages. In, other wo^ds. if the client is who_he says he is. then the 
message will arrive in-the-clear. ^ . ^ 

5 

"The encryption method is designed specifically for the physical property of the user/client that the 
Network intends to use to decrypt the message. If a different physical property is used, it will 
■ demanci a -'difTefeHrencr^tidn method.' But the general concept will hot change: Build the 
r ehciyption 'method so that an inherent physical prdpfeny of the aiithdrized user/client itself 
10 1 decrypts the mWsage automatically' J -;: -l 

J Consider the situation where in unidentified cfiehf feque as prescribed 

r -uhder Auth^nticarioh Process steps ' lYhrbugh' 5, u s^t^ri r 4ccesV meSs*age to 'ifile Authentication 
Server and has emitted a radio signal that has been interpreted by the Authentication Server as a 
15 , beacon signal from the authorized; locatiqn> In .essence, the requesting client is stating that it is at a 

.particular, authorized position. Pa (See . Figure; 7)^ : . ::V ^ -■c/\y>Axi' z.l.y i»: txi. 

The approach of this counter-measure to spoofing is for the Authentication Server to send a 
. command to. the client such that: • .--.rr.r ,1 ; -rqv^n::* h:y*v&£ bu.?-\ ra^vs^ 
20 1 . The message can only be read by the;authp;rizedrcjient-; that js,rby>a:clieht with the 

physical quantitiesvthat this client is known, by the Network, to possess. This translates 

, into /'The message can only be fead at the stated physical "position PX V - v - 1 
(See Figure 9 arid compare to Figure' 7)" ; v * r * " 

25* 1 • ■' 2. The message is. for example, a command that } orders the client to "take a particular 

• r , \ action. The Authentication Server then verifies tharthe action has been taken and notes 
- ' the response time: J *~ ' ' 



37 



SUBSTITUTE SHEET (RUtE 26) 



WO. 00/69.1 11 



PCT/USOO/12642 



[The specific response time of the authentic client Ca has been calibrated as part of the 
initial setup for the user with that client. This can be done by having the network send a 
representative to Pa with the client Ca. The Authentication Server then executes the 
sequence of steps listed below making note of the elapsed time, i.e.. the amount of time 
5 for the client Ca to respond. This is then stored in the database of the Authentication 

5- : Server as empirical data and used as part of the Authentication Process:] 

3. If there^is no response within a certain: specified time period, access, is. denied. 
10 " This method will defeat the spoofing measure described above. 

' • ■ The details of the method wi ll, of course, depend on the particular physical Quantity of the 
i authorized client that is used. In one example. the quantity is its physical. locatioii. The steps 
listed below are tailored for this. But the method that this illustrates is more general in that it 
15 applies to other possible physical quantities also. " 

Note that even though we will restrict the following description to an encryption method based on 
physical-location decryption, there are still several ways that the message could be encoded. Two 
- of these are 1 discussed in the section title : " Alternate Embodiments" pans (e) and (j) 

'20 •"• "•' '• ' - '*" ' "" * 

A detailed description of dnenype ! of spatial'decryption method and counter-measure will now be 

:v given." 

Eigenfunction Decomposition Encryption with Decryption Based on 
25 Physical-Location-Dependent Superposition Used As Part Of The Authentication Process 
[See : Figures 7 and 9] - 



38 



SUBSTITUTE SHEET; (RULE 26) 



The first goal of this counter-measure : is;td'sendfa message to the client, such, that it can be 
understood at. and only at;. the physical' location; *P A : (i.e., the physical position the client 
requesting access has implied it is at=>: <■/ , -vi .. : v '^jv -[ x ■> :v -a*.:.? 

We will send the message as. an electromagnetic -sa-gnaj fronj the satellites to the position Pa . In 
particular, ,we will have ^the three . satellites transmit three, different ..parts of an electromagnetic 
signal containing the message. When these superpose at the location Pa they will form a message 
that is intelliahle, in-the-cie'ar,^ by^he client. In ^ditioh3t ; '-ahy-dther : physic^ position, the 
superposition of the three, signals are .unintelligible, inrtherclpar: [ By. the: term "in-jhe^clear", we 
mean that the message needs no further decryption to be understood.] Stated another way: 
u Encryption i s based .on a particular, decomposition fl^the, electroiri^nei ic ; signal tfr& ^specifically 
. designed, with the foreknowledge of letting superpp$itipn an(J spatial position ^o the-d^prypting. 

To execute this approach, the Network employs t the : principJes : of gigep& 

and Linear Superposition of Electromagnetic Waves. In doing so, it creates a novel method for 

encryption and-decrypttioa-pfmessage?.. «a? sv? dp.uod/ f?a /-> ?s&\ \ 

The calculations given below follow th^,,tradiu 

eigenfiinctions to span a space. However, there are many other methods that could be used. For 
example, a spanning set of non-orthogonai : over cqmpjete^eiger^ 

Information on this technique can be found under the Wavelet and Reproducing Kernel literature. 
The actual technique employed is irrelevant to the concept of encoding and decoding a message 
based on the physical, position of the user/client,^ -i v v "■. v, .-\<y --.^.n . .-v fc \> no 1 r^r.:S 

Consider then that the message we want the client to receive is in an electromagnetic signal, 
f (t, Pa), such as that in Figure 10. Here we have represented the signal as being digital in 

nature, but other forms are possible. The message starts at time t * . Physically, f (t, Pa) 
could be the electromagnetic field itself or it could be a modulation of it. 

39 



SUBSTITUTE SHEET (TRUIIe 26) 



PCT/US00/12642 

WO 00/691 11 



Using a complete set of eigenfuncnons. G K (t, Pa), the digital signal f (t, Pa) can be 
expressed as: 

5 [Equation 6] , 

f(t,PA) = 2, SKG K (t,PA) 

[Equation 7] n 

where gK = J f(L Pa) G K (t, Pa) dt 

See George Arfken. "Mathematical Methods for Physicists" and Harry F.. Davis, "Fourier Series 
and Orthogonal Functions" Note that if the G K (t, Pa) are sines and cosines, then the above is 
a Founer Representation of the ft.nct.on f (t, Pa). In this case we can associate electromagnetic 
plane waves with the basis set Gk . ( See Appendix C) 

15 ■- 

Many possible bas.s sets can be used to represent the function f (t, Pa) as long as the selected 

set gives an accurate representation of f (t, Pa). 

The summation can be truncated to a finite number of terms M and still represent the signal 
20 adequately for our purposes (i.e.. the message is intelligible.) See Figure 10A for an example. 

[Equation 8 ] 

f p A ) = g K Gk (t, Pa) where M is some finite integer 

25 Here wd have picked K = 0, 1, 2, . . . . M, but other assortments are possible. 

The representation can now be separated into three partial summations 

40 



SUBSTITUTE SHEET (RULE 26) 



V WG i 00/691 11 



PCTAJSfo6/i2642 



1 [Equation 9]^ '.- ; 1< -v.. A % ... ( r / .\ V.j ■ f j ■■■ ;^\i: r • 

g kiGki (t, Pa) * ^ g K3G0 (t, Pa) 

5 k, * r K5^ ; - 

[Equation 10] v j , ■ v;-; . : ; 

f(t,PA) = fl(t 5 PA) > f 2 (t,P A ) + f 3 (tvB 



10 where each panial sum, f i , is itself an electromagnetic signal and we have defined 
- * - f -{EquaticiH ; toAp tJr * kv '-' r:t ~' <: * a £ ' re ^- l^^^ihr:^ ' o?/i^t> *r,c 

15 The panial sums are over different values of the index K„ such that together they add to the set 
( 0, 1, . . . , M ). For example: 

Ki ranges over the set ( 1; 7.*8.£? * ^Mi^R^^'v:!- --i:o^.^n^ 



20 K2 ranges over the set ( 0, 2, 3/ lOV l 1,' . !' M -"2 ) ' 

K3 ranges over the set (4, 5, 6, 12, . ,..M ) 



such that the three sets together contain all the integers from 0 to M. [Note that other 
25 arrangements of the integers from 1 to M amone the three sets Kj, K.2, and Ki are possible. 
The issue is to divide the information between the three panial sums in such a way as to make it 



41 



SUBSTITUTE SHEET (RUliE 26) 



PCTAJS00j!12642 

WO 00/691 11 



10 



15 



the hardest for a Spoof to analyze. One way to do this is to employ the methods of Maximum 
Entropy. (See the publications of J.P. Burg and Edwin T\ Jaynes.)] 

There is one condition on this separation.lt must be dorte in such a way that each of the partial 
summations, f , , alone conveys no meaning relative to the full message f , i.e., each partial 
sum is unmtelligible. (See Appendix D) One way to help ensure this is to pick M small enough 
such that the full representation of f (t, Pa) in Equation (8) is just barely adequate, i.e., it just 
barely intelligible to the authentic diem C A Then any one of the panial sums f , . by itself, will 
be unintelligible to the client as the .mended message. (See Figure 1 1 .) Other than this 
requirement, the separation may be done in a variety of ways. 

In essence, the above decomposition has g.ven us three electromagnetic signals which, when 
' superimposed at Pa. will add to become the message f (t, Pa). We now want to associate each 
of these partial sums, f , . with a particular satellite E i 



We stan by noting that the shape of the panial representation f , , at satellite E u will be the 
same as when tt arrives at the desired locat.on Pa. What is different ,s that the pulse has been 
shifted on the time ax,s. (See Figure HA) Therefore, ail we need do is calculate the retarded time 
t Ei that satellite Ei would have to emit f\ at such that it will propagate to Pa and arrive at 

20 timet* 

' [ Note that the concept of "Spatial Encryption" is partly based on retarded time of emission t E » . 
That is, we know that there is only one location on the surface of the earth where, if we emit at 
times t E1 , t E2 , and t E 3 : the three signals will arrive simultaneously. This is basically the 
reverse problem from that used to calculate the location of the client from its beacon signal. 
25 Therefore, at any other location the three signals will not arrive simultaneously. And will not 
superpose in the designed way. ] 

42 



SUBSTITUTE SHEET (RULE 26) 



PCT/US06/12642 



Calculation of the emission time l£ j of the partial wave I i 

; . The distance from the authorized client Ca to satellite E i is DAi . If we want each of 
the three signals to reach the client, at time £ * then they, have to be, emitted at staggered 
1 * "times 5 t£i where l£ ' - u * " ' ; ' ; - ; ' " >J ' 1 r - :[ - : ;/ ' * 

v [Equation l l ] ~ { v - ; r * ; : . v - : , Y , . , ! _ -/-^ ; ; "i, J -rf;. i ,y ^; >■■'.: <: v !t . 

f.v {.: -t;.^ X E fc j= * mPa*: j-i - -V:;, ^V-^-^^tC 

c 

Here ( t * - t£i ) = the time interval between emission and reception of the signal 
(i-1,2, 3 ) 

Solving Equation ( 11 ) for j : 
[Equation 12 J ..„■••■; ,. - - ,;-4 :{ ,^ uot Uru.^ <vr< y ^-t^ n ns-ivv am v. 



This gives the relative jtimes (t£L , *E2 .-.and t^ ^at which each satellite must emit Us. signal 
such that the three partial representations f i ,i f 2 , and f 3r arrive at R.A at the same time t * 
:That is, they arrive atahe proper time and-location toisuperpose.to form the full signal, . : 
,f(t, Pa). . - . ' - ^ ' '• '■' . . - -o- - 



43 



SUBSTITUTE SHEET- (RULE 26) 



WO 00/691 11 PCT/US00/12642 



The technique will work whether the three transmitters are coherent or incoherent. However, 
there are advantages to making them coherent. 

Coherence between the three transmitters can be maintained by knowing their phase relationship 
5 and the distances between them. 

' Distances can be found using Laser Ranging techniques. Coherence can be established in several 
ways. One example would be to use three synchronized atomic clocks. Each transmitter is 
electronically linked to one of the atomic clocks. Then the electromagnetic signals f i , f 2 , 
10 and f 3 can be emitted coherently. [Other examples can.be found in ; the literature on Beam 
Forming techniques used for acoustic arrays and Hot Spot Tracking from Synthetic Aperture 
Radar] „ •■■ r ' r ' ' 

To summarize; if each satellite, E i . transmits the electromagnetic signal f j at the time t E , the 
15 signals will propagate such that they will all reach Pa at the time t * and superpose to form 

f (t, Pa). Here f (t, Pa) is the command the Authentication Server wants to give to the client 
- !/ who is suppSsedly 'at PA ;'•*"" 

Note though that at any other physical location (e.g., Ps which is outside a cell around the point 
20 Pa ) the electromagnetic signals f j will have no meaning, either singly or superposed. They 
will be unintelligible singly because we specifically constructed them to have no meaning singly. 
They will be unintelligible even when superimposed because these other locations will have 
different transition time intervals between emission and reception Thus the signals will arrive 
displaced from each other in time: (See Figure 12 and compare it to Figure 1 1) And this will 
25 destroy the sensitive phase relationship that must be maintained between the different signals f i , 
f 2 , and f 3 in order for them to superimpose to give f (t, Pa) 

44 



SUBSTITUTE SHEET (RULE 26) 



WO 00/6911 1 * PGT/US00/I2642 



Therefore, the signal 



( , „,., ; ., ; ; f /t„P) =F. f ,,(t, P),: + ,f\ 2 (t,P) + ^ 3 ^ P)- : ' 

only has meaning, in-the-clear, within a cell around the physical location P = Pa That is, it can 
Be read, and only read, by the client at Pa . 



Once the above analysis has been completed the Network executes the following steps as a means 
10 . of authenticating - the physicai ; Tbc&dW L 

The authentication process (steps 1 through 5) is modified by adding the following steps: 

6. The Authentication Server orders the satellites to transmit f j , f 2, and f 3 at times 
15 tgi ? t^2 j and respectively. 

7. Satellites receive the order and comply. (See Figure .13), 

8. At the location Pa , the three signals arrive at time J^|^^syg^mpps§ : ;to form the 
20 complete command signal f (t, Pa). The Authentication Server knows the time t *. 

The command f (t," Pa) is in-the-cleaf; No analysis needs to be Sone to decipher it. 



9. If the requesting client's antenna is at Pa it reads this command. 

25 IP- The command orders thexliemtp perform. a; task)that is verifiable by the network. For 

exam P' e - # orders the client to transmit a particular message ivia the already existing 
communicatipns, channel (505) to the Authentication; Servers ,L. : 

LI . The Authentication Server waits to verify the response ffomr the client It ilso notes 
30 the nature of the response and the time at which the response comes iri.[ 

45 



SUBSTITUTE SHEET (RULE 26) 



WO 00/691 11 4 PGT/US00/12642 



12. In its database the Network has the response time of the client Ca This was 
- : empirically determined at the time of the initial setup of the client and the user. 

13. If the correct response does not come within the specified time, access is denied. 

These additional steps will expose a spoof using the measures described above. 

Spoofing Counter-Counter Measure To: Superposition Encryption With Decryption Based on 
Physical Location 

1 . Spoof pitks a physical location that is within the cell that the network can resolve. Or it 
; .: just places ah antenna in this cell. . 

This spoof counter-counter measure will work, that is, it will defeat the eigenfunction 
4ecpmposition counter-measure if the spoof can also comply with the command. Even so, 
it forces the spoof to place ; a physical antenna in the authentic client's cell. Therefore, the 
eigenfunction decomposition counter-measure has succeeded in raising the hurdle to 
accessing the network. Note that the smaller the cell the harder the spoofs problem is. 

2. Mathematical Analysis of the partial waves. 

At any location except Pa the partial sums f j individually and as a sum are 
unintelligible 4n-the-clear. But it might be possible to use mathematical techniques 
to decipher the message. For example, if the spoof could intercept the three 
messages independently and then mathematically slide them back and forth along a 
time axis he might be able to artificially get the proper superposition to decipher 
, the message. But, this will take time. And it is this empirical variable that the 
. . 4 Network is keeping track of. So that if the response time is too long, which is an 
indication that the signal is being analyzed, access is denied. 

To make things more difficult for the spoof trying to analyze the signal, the 
network could employ many techniques. (See Figure 14.) Some of these are: 

46 



SUBSTITUTE SHEET (RULE 26) 



y/ooo/wui 



PCT/l)S00/i2642 



• ; , / t ' i:. 1 '\ t LAddihg noise: ~ . ;v-^: l; ' * 4 r\. : y\? r\- 

, , irf . ( . ii- Deliberately- adding- nonsensical \yayes beforehand -after the message part of" 
the signal. 

iii. Staggering staning time and length of the emissions from the satellites. 
5 iv. Assuming that there are many clients, there will bemany commands going 

oat from the satellites. It wouldn't be clear to the spoof which of these he 
should be analyzing unless he has specific information about individual clients. 
Again, this raises the hurdle to unauthorized access. 

v. Change the basis set Gk. (t. Pa). 

10 v ^ _ f . . ,; , ^qte that the authw 

decryption necessary at the. physicaLsite >Ra. -Therefore, the Authentication 

.i.^c^^- t ; y\i\ il „ ;. : Server canTepresent4he;eommand^^^ wants to. And it 

- j? J . *r ^ f > f v r " can make changes without evef 

' r : "'"j ■ • • vi> False signals can benefit but by the'N'etv^brkv ' v - ; -~ a " ■ 

15 ' vi£ The command signal 1 (t, r A) might only be a statement to execute a 

' particular command that is hidden in a set of commands that is stored in 

Nonvolatile Read Onlv Memory. Therefore, decoding it will not do any good 
unless the spoof also has the set of hidden commands. 



20 Alternate Embodiments 1 



Other embodiments are within the scope of the ciairii^ H ^ r ' - ; ^ 

J , . -1 

Any or all of the variations described here can be used at the same time with the methods already 
25 ' described and they could be combined into 'more' complex authentication processes. 



( a) Cellular phone system replaces satellites for empirical -data gathering. 



47 



SUBSTITUTE SHEET (RULE 26) 



WO 00/69111 



PCT/US00/12642 



The cellular phone system infrastructure has built into it a mechanism whereby it can calculate the 
physical location of the "user!. It is the only way the system knows when to hand offa moving 
user and to what station the user needs to be handed off to. In fact, recently the FCC has looked 
into the possibilities that Cellular Phone companies be required to give the location of a 91 1 call 
to within 125 feet. . . . . ' 

The Authentication System could employ this technology in the following way: Clients have a 
cellular phone electronically connected to them. Logging on commands the cell phone to emit a 
10 signal. The Cellular Phone System receives the signal and determines where it has physically come 
from. The Cellular Phone System then transmits this information to the Authentication Server. 

; b) Employing the Global Positioning System (GPS) . 
. . The GPS satellites emit prearranged but random signals that are known to the GPS management. 
15 These random signals could, if known in advance, be employed by the invention. There are many 
ways that these signals eould^ 

the Authentication Server, or that are stored in nonvolatile ROM, to form a complete command to 
the client. Also, this could be done in such a way that the message depends on the position of the 
client. 

20 

c) Caller ID f f; - : 1 * ^ 

If traditional phone lines are used by the client to access the network, then the network could use 
caller DD to help identify the client. That is, during initialization the authorized client's phone is 
identified by the network. A spoof trying to mimic the authorized client would have to mimic the 
25 phone line itself. This, of course; would fall under traditional telephone service fraud, the phone 
^companies have extensive divisions to deal with this. 

Assume the spoof has somehow managed to fake the Caller ED system into thinking that it is 
calling from one line, whereas, it is really calling from another. To expose this the Authentication 
30 Server institutes the following sequence. Once it gets the initial call from the client and reads the 

48 

SUBSTITUTE SHEET (RULE 26) 



WO00/691#l 



PCTAJS66/12642 



•Caller ID phone numberand access 5 codes: it discorih^cts; IrtKen talis? the stated phone number 
itself. rThe only way for the spoof to break this is to 'physically intercept the message as it is 
transmitted over the line. to the proper humber^'- - - ^ - *"> " : - >:i: 

Another way is for the Authentication Server to use another telephbrie line ; 4rid to call the one 
supposedly being used by the client. If it doesn't get a busy signal it knows that the client on the 
line is not at the correct number, regardless f pf y/hat the Caller IE) says, j? c; L* " 

d * P^£ K ^pnyate ^Y? in conjunction with other aspects pf;the invention/ ? v 

e) Time Sequencing Approach 

Note that we have described one way.to encrypt a,m?s?aae su$fr jjhat:^ 

, ^^i°";?^v^ ^f^ 0 ?;;^^ sigiM%ii Figure 10 

coiild just be broken iqto t^ je^uenti^ .^s without, d<^g an eigenfunra^ 
^ese would then be transmit!^ by tte at the 

authorized client's site, ^ do thpy am>^ in.the,cg^ ( See 

~ Figure 15) ^ ^ ^ 1 1 _ ^ _ ; . h ^ y L -< A * a 

f ) Leave all clients on all the time, but not connected to the network. CO ^IVJ ; v 
This could then be employed in the following. way, \Vhen ; the spoof requests actess to the 
network, a message is sent from the satellites, to. the a^entic; client's position. ; If the authentic 
client receives such a message when, in tjiqt,, the.cliem^dn^.ask. t<?.<go on-line^ it'bouid be 
programmed to transmit a signal back tcvthe satelh^es tejling : them so; i.e- -pointing tout that the 
request for access was from a spoof. Or, another method would be. for s the. authentic users to be 
chirping (emitting random, but known, EM signals) all the time when not connected to the 
Network. These would be monitored from the satellites. If .the- authorized, client keeps chirping 
after a request for access is received, ,the, request is known to be from a spoof » -. ? ' & 

g) Use lasers instead of radio signals as a means of sending messages to the client. 

49 



SUBSTITUTE SHEET (RUEE 26) 



PCT/US00/12642 

WO 00/6911 T 



This has the advantage of being easy to direct i.e. narrow beam. But it has the disadvantage of 
requiring the client's receiver to be in clear sight of the satellites. 

h) Use different raw data at different timesto determine access. 

5 Spoof doesnt know what to mimic. And if he tries to mimic them ail the Authentication System 
. could detect the bogus and unasked for signals, and deny, access. 

i) Ground Based Equivalent 

Earth Bound Towers (such as microwave antenna towers) could be erected that serve the same 
10 purpose as the satellites. These would contam equivalent empirical data gathering dev,ces as the 
satellites. But they would have the flexibility of having ground connections to the Authenncatton 

. ' - Server if desired. ' v . 

j ) Vector Decomposition Encryption Approach 

15 .itetonamto^ , 

physical location. This method uses the vector nature of the EM field as a means of accomphshmg 
the position dependent decryption. That ,s, when two or more electromagnetic fields reach a 
..■ ,;, particular point they add together vectorally'. 

,o l Consider the situation where the message We want to send to the client is a wave polarized along 
the x-axis. This wave could be of a certain dUrauon m time. We can then design waves to be 
emitted from the three satellites that, when added together at Pa . give the desired result. These 
waves are individually not polarized along the x-axis. Let E represent the total electric field at 

Pa: Then, for example, we could have: 



25 



E A * £ here x and y are unit vectors along their 

E2 = - 3 x +3y * " : respective axes. 



50 



SXJBSTTI1JTE SHEET (RULE 26) 



r VVP 00/69111,,; ' PC *WM3& 2 



This gives E ~ El + E?2 + E3 r = t 2x* for theaotal electric field. . . ^ , 

5 Since the actual signal could be embedded in hoise^ahd since at the location Ps the three signals 

will not arrive at a time that facilitates the above superposition, this is a viable method of 
encryption. 

[Spatial encryption is partly based on retarded time emission of specific nature tgi- That is, we 
10 know that there is only one location on the surface of the earth where;,, if we errat at time tgi then 
the three signals will arrive simultaneously. ] 

k) Applying The Inventive Concepts Qn Computer Network-Security Ta The Wireless - ; 
... Computing Environment ; Removing- The Limitation ^ 0f Fixed Position :. : 'rK,i Us i z 
15 -t ::: -nrv* -<><^.-r-r'^ ,21 rsrf T .>^ : ?qv'rcb r^v&Q*>\ ro^^, 

As has been described in the examples, the network security systerruis based] on? empirically 
gathering information about the physical location of a client/user and incorporating this into the 
authentication process. One panicular, embpdimgi>t? ^employs .mobile (cellular) phone ^technology in 
a computer. that. isn't mc^le.fSeeX.ai.abpYerlK- ••».;-• t.^:;i>ov; i> r.»f:. 



20 



25 



; ; • .- .^b?: < eis.T^:*,; v.rv i.tc ^ 1: ■ - 

However, wireless (i.e., mobile) computing has recently been growing in popularity. In this 

• situation, the computer is using the cellular phone system as the primary method of 

communicating with a network. There is no conventional wire connection to the network and 

there is no fixed location for the client. 

The inventive concepts can easily be extended to a network security system that would encompass 
the use of wireless computers. Two methods will now be described, 



51 



SUBSTITUTE SHEET (RULE 26) 



WO 00/69111 



PCT/USOO/12642 



[Note that there are several concepts ( e.g;, branded CPU, hidden information in ROM clock 
synchronization, etc.) that obviously translate into- the wireless environment.] 

Continuous Monitoring 1 - • ■" - 

5 ■ Just as 1 in the earlier examples, this embodiment also requires that the client be initialized by a 
network representative. This could include any of the previously described things such as 
determining precise physical location of the client,* clock synchronization, etc. 

Then, in this embodiment, the authorized client is left on ail the time and "chirping." That is, it is 
10 emitting a beacon signal at specific intervals even when not connected to the network. This allows 
the Network to continuously monitor the client's location. [In addition, the Network could keep a 
record of all these locations ] 

Therefore, since the location is known at any given time, to within a certain range, all the security 
IS measures of the earlier ^examples can be employed to address, aylta Thi&iangWJt 
region around the last known location. The size of this region is determined by the "chirp" rate 
and what velocity is physically possible for the client. If a signal is received that is outside this 
region, the client is denied access. 

20 A variation of this would be that the client is kept within a relatively small cell size and there is no 
chirping. However, if the user decides that he wants to move outside the cell he informs the 
Network, through his software, that he is now in the "mobile" mode and the chirping begins. 

Cell Size Is Increased 

25 Even though wireless computers are mobile, they tend to be used within a limited geographical 
region. Therefore, starting at the initialization point the user can, through the software loaded on 
the client, inform the network that it intends to be in a certain region. An example would be a city. 
The authentication process works as it did in the earlier examples, except that now the cell 
encompasses the city not just a small region around a desk. The system is effective because it still 

52 



sirastrruf e sheet (rule 26) 



WO 66/6911 'JfctfttD? 



PCT/US00/12642 



. can be used to .address- all those fsp.odfs who are qytside$he>celi. [In tWs..embodiment, .the client 
does not have, to .be chirping all.the-.timie,]-^-*' *\v-.*aw. - 1 • : w'. .? t ?s :;»,*:;■ 7 

Other variations of these methods could be employed. For examples. , ; \\ • ; \:\ \ - ~; 
5 -ho:-. Equipping the \vireless;.computer withia means, to connect to a standard telephone line. 

,o If the client/user has moved outside the allowed cell in anjUnaMthora^d fasWon, he can 
be required togo to a location where he can be ^uniquely, identified, by the Network. 



.1 v. • ? 



ir r^v! ?:t^:^ : «?/;. %c,v :&jow sii/Ho vowr.' v.- 

/ 5.-'. v *. v '#-.,v;.. , 



53 



SUBSTITUTE SHEET (RULE 26) 



WO 00/691 n 



P'CT/USOO/12642 



Appendix A ! *' Vi 1 " 

Raising the Hurdle To Unauthorized Access 

5 'One of the goals is to raise the security hurdle to unauthorized access. This is done because the 
hacker/ spoof looks at a given network and weighs "cost of overcoming security hurdle" against 
"possible reward." 

The authentication system raises the hurdle by using empirically gathered client information and 
10 doesn't rely solely on ciient generated digital information for authentication. This then changes the 
dynamics of the Hacker / Authentication Server battle and raises the hurdle in three ways: 
1 . The technology needed to spoof the system is not readily available . ;; 
2. The skills needed to use the technology aren't within the normal knowledge 
■ domain of the traditional hacker. 
15 3 . The^e^alo^^ 

That is, the Authentication System forces the hacker to do things (e.g., satellite positioning, radio 
transmissions, etc.) that are not just based on clever uses of software. These are things that the 
vast majority of hackers have no experience with. Therefore, the system, although not perfect, is 
20 effective in dealing with the normal, or even the clever, hacker. And, consequently, the 
authentication system could be used to protect standard business computer networks. 

As we have seen, it is possible to spoof the authentication system. But with each counter measure 
comes ever increasing technological sophistication and expense on the part of the spoof. 

25 

In essence, the authentication system makes breaking into a network very expensive and 
technologically challenging. 



54 



SUBSTITUTE SHEET (RULE 26) 



r ^qoo/59iH^ 



PCT/US06/I2(S42 



Therefore, one example of how it couid be fruitfully employed is that a ¥ company xould be set up 
to provide authentication services to many private business with computer networks to protect. 
Even if no single one of them could afford to set up the authentication system, as a group they 
would constitute the customer base that would make the system a viable business. Similarly, no 
5 traditional hacker could afford to overcome the hurdles set up bv the svstem. And. if a Counter- 
Authentication group were established to break through the barriers, the only way it could be 
- done would be by the expenditure of a great amount of money and effort. It would.be hard to 
keep this secret. Especially if Counter- Authenticaion group went about trying to get customers. 

10 Therefore the system, although not perfect, is effective in dealing with the normal, or even the 
clever, hackfer;' And it is hackers who are the major problem for the standard business network. 
,; Consequently, the invention could be used to protect standard business computer networks The 
hackers bt these systems do not have the resources to overcome the hurdles the invention puts up. 
Therefore a com^ viable business based on the invention could be set up where the 

15 business runs security for many companies at once. 



55 



SOTSTITUTE SHEET (RULE 26) 



WO 00/69111 



PCT/US00/12642 



10 



15 



Appendix B 

An \ Example Oj r The [Invention's Authentication Process That Includes One Counter-Measure To 
Spoofing - 

1) The user uses his client computer Ca (104) , and its software, to request access to the 
Network ( 200 ). * This client, which is configured by the Network, has very specific 
hardware "and software pre-loaded on it related to the Authentication Process. 

2) When the client's Netwprk softwareis opened, it. prompts the user to enter his User 
Credentials into a certain location on. a "Network LogOn" screen. This couid include, for 
example, his user ID and access code: ( 1 23, XYZ). It could also contain, for example, 
biometric information. Processor Serial Number, encryption keys (public/private), etc. 

3) The client's software translates the credentials into digital information. 



20 4) Data is Transmitted to the Authentication Server; Empirical Data is Obtained 

a) The client's software then creates an electronic message that includes the digitized 
; credentials. , 

,;r , ';.-■!: - Diagram 3 : | -f l' I 2 I 3 ; |. X | Y | Z T i I ! 

When the "Cohnect" button on the Graphic User interface (GUI) screen is clicked, the 
software forces two events to occur: 

i) the above electronic . message is transmitted to the Authentication Server via 
, the normal communications link ( 505 ) 

30 _ ii) the software orders the radio transmitter Ra (105) to emit a beacon signal 

(700) from the antenna Ta ( 106) with the pulse signature that has been assigned 
to this particular client. 



56 



SUBSTITUTE SHEET (RULE 26) 



WO 00/691 VI t PCT/lJSOO/1 2642 



b) Empirical Data on Client's Physical Location is Obtained 

The act of transmitting the credentials to the network triggers a radio beacon signal to 
be emitted from the client. tThe user doesn : t have to do anything additional to have 
'this beacon "emitted A)* This beacon 'signal is 't^ically a spherical (i.bv; omnidirectional) 
5 EM wave with a unique puise shape. '■• - :: y ' 

The radio signal is detected by the satellites E i (600). The satellites note the client's 

signature pulse and the time of reception, tAi > ^ *A3 of the pulse. The 
amyal times will. Jn. general jbe different. for the three, different satellites. (See Figure 5) 
it) The results of these measurements are transmitted to the Authentication Server. [Note 

: ; ; :.y. ■ if * that in" other embodiments there will be other quantities measured, such as: direction of 
/ " ; :the EM. beam. polarization. 'etcl]-- 1 * ±ui-r^:> -i ?.«t ..:;i»*^ > 

Note the following "rWtures ofl he sequence 

15 " i. the authentication data is different trom the prior an. : 

ii. the method for obtaining that data is active (empirical) rather then passive. 

5) Checking for Authenticity: A Two Step Process 
20 * a) The Authentication Server has in its database a list of digitized credentials for all 

authorized usersT When the' electronic message from the client arrives via the normal 



25 



communications link (505), the Authentication Server takes the user's digitized 
credentials, and compares these to the credentials it ;h$s stored in its database for this 
particularaiser. 



b) Using Empirical Position Data To Determine Authenticity 
""' ' ' ^ i) The Authentication Server also has in its database the physical location of each 

authorized client. (This can be obtained, for example, in an unequivocal manner 
— - by having :a Network Official ise fa' Global Positioning System (GPS) device 

30 r during the initialization process. Once, this physical position is established, 

movement of the user's client is restricted to,a certain physical region 
established by the Network.) 

57 



SUBSTITUTE SHEET (RULE 26) 



WO 00/69111 



PCT/USOO/126^2 



ii) The Authentication Server receives information from the satellites on their 
direct measurement of the clients beacon signal. 

iii) The Authentication Server uses beacon signal information to calculate the 
locatiori of the ciierit: 

5 iv) It then compares the actual position against the registered one. 

c) Both the User Credentials in fa) and the physical location in (b) must match the 
information stored in the Authentication Server's database for access to be given. If 
either, or both, of these quantities do not match those in the database, then access is 
io denied. 

6. The Authentication Server orders the satellites to transmit t , I , and I at ttmes 
tEl 5 tE2 > and *E3 respectively. 
15 7. Satellites receive the order and comply. (See Figure 13) 

8. At the location Pa. , the three signals arrive at time t * and superimpose to form 
the complete command signal f (t, Pa). The Authentication Server knows this time t 
The command f (t Pa) is m-the-clear. That is. no analysis needs to be done to 

20 decipher it. 

9. If the requesting client's antenna is at Pa it reads this command. 

10. The command orders the client to perform a task that is verifiable by the network. For 
25 example, it orders the client to transmit a particular message via the already existing 

communications channel (505) to the Authentication Server. 

11. The Authentication Server waits to verify the response from the client. It also notes 
the nature of the response and the time at which the response comes in. 

30 



58 



SUBSTITUTE SHEET (RULE 26) 



WO 00/69211' 



PCT/US00/12642 



12; In its database the NetWork fias'the resob rise time of the client Ca. This was 
empirically determined at the time of the initial setup of the client and the user. 
13. If there is no response within the specified time, access is denied. 



59 



SUBSTITUTE l SHEET (RULE 26) 



* PCT/US00/12642 

WO 00/691 11 



10 



15 



Appendix C 

A Statement about Eigenfimctions 

A particular example of a complete set 'of ei'gehfunction would be that of plane waves. (See John 
David Jackson, "Classical Electrodynamics". Second Edition, page 270.) These waves are, for 
example, functions of the argument V 

' . ' _ \ " ....... , KX - (Dt ■ • /' 

. Here I have used the notation of Jackson with; 
; ;; v- ■ f£ = the wive vector 
- • iA ' k = position in three' dimensional space ( a vector quantity) 

CO - frequency 

t time _ m p . : ... . . . . 

This set of factions is only given as an example. There are many others. Which set is chosen is 
w( detennined>^ i.e.. f (t, Pa). 



60 



SUBSTITUTE SHEET (RULE 26) 



WO 00/691.1.1* 



PCT/US00/12642 



Appendix D • , . v ^ r;^ 

,4 Comment About Signal Analysis r . . . . > *• 

We have used phrases such as r.each of the partial summations. : f fJ . PA alqne ; cqnveys no meaning 

- 5 relative to the full message T* " ' and "any one of the pahiarsums I j , *by ; ksel£ will be 
unintelligible. " These and other similar terms can be quantified using Signal Processing 
techniques such as autocorrelation, cross correlation, etc. [ See A. Papoulis, "Signal Analysis"] 
These techniques give a quantitative way of measuring the relationship of one signal to another. 

10 For exampie, the cross correlation iimcuon >is. a measure bfihow much one jsighaUs-like another. 
That is. how much information contained in one sicnal .can.be said to. also be in another signal. 
Saying that a "partial summation, f . f alone conveys no meaning .relative to the fiill 

message f "' is basically saying that the cross correlation between the two is very low; 

15 The idea is to set up the partial sums such that the cross correlation is sufficiently low that it 
would not be easy for a spoof to discern what the full signal was. 

Finally, it must be remembered' that the;spoofiis dealing wiifrth©thffee.$i^^ have 
propagated from the transmitters to his antenna. That is, he receives signals that are distorted by 
20 noise. - 



61 



SUBSTITUTE, SHEET (RIIJJE 26) 



WO 00/69111 



PCTAJS00/12642 



Appendix E 

Decryption Based On Physical Property Of The Recipient 
7" ;.(Npte that this concept can 'be used ^ many other things besides computer network security.) 

In this approach to encryption/decryption there are basically three levels, ...... 

1. The concept of encoding a message based on some inherent physical property of the 
recipient. ; . 

2 The particular physical quantity- used < 
10 ; , ' 3. The.panicular method used with the chosen property to encode the information. 

information can be encrypted in a special way, such that, a specific, and unique, physical property 
f of the redpiem automatically decrypts the information, There are many physical ; propert.es this 

could be based on. , .. . ( . ■ ' 7 ; - 

l5 a pj^^ C atloca!teii 

b. unique sensitivity to light or sound 
c DNA (unique to each individual) ,. 
For eachumque physical property, there will be many ways to encrypt the information such that 
" when h arrives it is automaucally decoded, by the physical property itself of the authenuc rec,p.ent. 

The main body .of the disclosure has gone into details on using physical location to decrypt a 
message The following are two additional examples to illustrate the general principles of 
' " encoding a message based on some inherent physical property of the recipient such that when « ts 
' received it is automatical decoded by the physical property itself of the intended rectp.ent. 



25 



Note that the technique can be applied in a variety of areas, computer network security is but one 
of them... 



DNA Decoding . - , : 

62 



SUBSTITUTE SHEET (RUllE 26) 



DNA is a chemical. Each person's DNA is different. Therefore, this chemical is different for each 

:- v'.-V-> rVU Jr.. 

person. 

Imagine a situation where a message is sent to a recipient in the form of a card. The material used 
r to ; print the message on the card is made of tWo cherrucaJis. dhe of'these cftenric'ais is tailored to 
react to the recipient's DNA and the other does not react with it. To the naked eye the card 
appears to be blank/ The is ertcrypfed using'ttie two chemicals and 

- cannot be (decrypted by normal ciyptography: (For example, tHe message cbuld appear as just a 
black area across the card made up of the two chemicals.) But when tlae legitimate recipient's 
DNA is smeared across the black ar£a. a cheitiical reaction takes place that automatically 
deciphers ttfe message: This could beaccortiplish^ the recipient's blood or 

saliva. 

^Thiirgivtes^^^ of how the-difFefenc^s between ea<^ be used to 

decode messages. There are others. For example, light passing through a suspension of the DNA 
would be affected differently by different DNA. " ' '' 

Physical Senses Decoding of Messages " now .y. r>v,^n A«o , 

The sensitivity of our physical Sensest*i£^^ person to 

personl This sensitivity' could 1 be used' to : dedpfifePm&Mgfes! ,;j ^' ,; ' n ^ vVU ^ h 

* PCs have the -ability to produce over 1 million differeritxblbrs. Xt iny given cdlb'r, there are many 
r colors riear inn wavelength that cannot be ^ discerned ' by the kveraije personv'But there are some 
people who have such sensitive sight that they ban distinguish two particular cblbrs^that only a 
very few others could. This sensitivity -could be used to encrypf messages to thai person. 

! Consider a situation where it is know that the legitimate recipient can discern two colors with 
wavelengths k\ and /- 2 . In addition, these wavelengths are not discernible to the average 
person. A message can be encrypted by using the colors of the PC to first create a background in 
the color k\ and then writing the text of the message in color X 2 *■ on a computer monitor. The 

63 



SUBSTmjTE SHEET (RULE 26) 



PCT/USOO/12642 

WO 00/691 11 



person with average sensitivity 



would not 



be able to discern the message. While the person with 



the heighten sensitivity would see the message, 



i.e .. the message would .come in the clear. 



There are many other ways that the variations m 

- what, sense is used 

- how it is used , n ., • ■ 

- for what purpose it is use. 



sense sensitivity, could be : exploited both in: 



64 



SUBSTITUTE SHEET (RULE 26) 



<VO 00/69111 ^ 



; v Appendix : \. r . - x :.b , - j . 3 !^ r v- 

Non-Computer Security Uses For TH'e 'iMenifdn^ - l> ' Ji v 1 : ' u ' ■ ; 

■ ■ : Teenager Positioning - System ''TTS '^ 7 ' - k:U - ;x ' ,,v 7 ,? 4 : " n;W: Hf " 

5 Consider a situation where teenagers are required to weir an AutHfenticaubh System "Beacon 
Beeper." The Beeper automatically sends out a radio beacon signal at preset intervals. The 
Authentication System signal detection system (satellites, m^oWaVe" antennas, or some other 
method) detects these signals. The raw data is sent to a central processor (the equivalent of the 
authentication server) where it is analyzed to calculate the actual position. This information is then 

10 stored. Parents could then get this stored information in a variety of ways such as: 

1 . by access to a secured web page 

2. by having the information emailed to them 

Thus, parents could unobtrusively know where their kids are. 

15 In addition, the system could be programmed to do the following: 

a) Take a reading every five minutes and then, on request of the parent, print out a map of 
where the teenager had been over a specified time period. (This is a solution to the old 
response of "No where." which is commonly given by kids when asked where they were 

20 the night before.) 

b) Restrict the teenager from going to certain geographic places. (Beeper gives a shock) 

c) System detects if the kid is moving faster than walking, e.g., in a car. It can then change 
its sampling frequency to accurately determine the speed the kid is going at and record 
this. 

25 d) Location is coordinated with roads and their speed limits 

e) If the speed is in excess of the limit for that road, a note is made of it, the parent is 
alerted either through a phone call, email, or on a computer screen to a secured web page, 
and the police are alerted. 

f) Parents can map out certain physical locations that 
30 - the kid must stay in. and/or 

65 

SUBS m'UTTE SHEET (RULE 26) 



WO 00/69111 



PCT/USOO/12642 



- the kid can t go to (e.g. a person's house) 
The parent is alerted if these are violated. 

g) Two set of parents can coordinate their efforts. Both their kids can be equipped with 
Beepers. The system could then be programmed to coordinate their movements: either to 
alert if they get together or if they get apart. This couid be used for keeping girls and boys 
, apart for example. , ; , . ._. t - 

h) Shock is delivered i 

This happens if the .kid is doing something that the system has been programmed not to 
allow the kid to do. These couid include such things as driving to fast,, position where the 
10 kid isn't supposed to go, etc. 

A system similar to this couid be userito track toddlers. Parents could know at any moment 
where they were in the house. 

15 Of course, there is the obvious use for criminal location. 

This system cbuld alsfa be usetf to ideate people with health related problems. For example, there 
are those who could become incapacitated. The location system could be tied to other measures 
that would transmit a signal to authorities under certain conditions (eig., when pulse rate falls 
20 below a certain level, no motion is detected, etc. ) 

Note also that the Beeper could '-be more elaborate. It could be an electronic beacon electronically 
* connected to a GPS hand held device: In this case the beacon is really sending out a message 
stating the teenager's position. (Note that in this case we are really not that worried about 
25 spoofing with anything sophisticated.) And the full authentication system would not be needed. 



66 



SUBSTITUTE SHEET (RUIlE 26) 



Appendix G - -• - . 3 .s> v - 

7P5 Teenager Positioning System: - v 1 ^ ' < s : j ' : : ; - <<~ -±\ 1 
1 : c : Simplified Method Based dh >f Iddilification to cutreni Cellular * 

Systems - * • ; — - ? 

A cellular phone system has data on the position of an active user. (This position is to within a 
certain resolution that may vary from one system to another.) That is, the system itself has this 
infonhatiorix^ is tfdw the system knows when to "hand off' a user as he drives from one 

-cell to another^ x - »• ^ ■ '-' r ' :V <: "'- — '^ >;lu 

The cellular phone system could be modified by adding special software to transmit the position 
location of a user^ to w aq authorized person, or website..' tih-o: * js i : / , ^ / 

The invention would work in the following way. A parent gives a cell phone to his kid who is 
going out for the evening. Whenever the parent f wants, ; h^ caUs the cpll ; phone^Xhe k^d answers 
and the cellular phone system automatically locates the kid. Using its modified software, the 
system;then transmits this information to ; the p^ent. :: ^here are many^ays $p ^o^this:; 1 . through a 
secured Ayeb page v 2. directly on one o&therne^;phone that are 

allowing.users to get email .such ,as.a Palqi ; Pilot _UI^ f ^ejir^v^c c zimznzrt hbsnw 

\.\r::y&b hi ?;c".;kt; or i-v-s! rib^sr; & v?tv:c ufl 
In addition, variations of the standard cell phone could be developed. For example, something 
similar to the Authentication System »B eep^er, but instead of sending ojjt a cpntinuous radio beacon 
to satellites, it could be prograrnmed to dial a panicular telephone nu^ every 
five minutes. The. location data would; be recordedina fashion similar to that described in 



67 



SUBSTITUTE SHEJET (RULE 26) 



WO 00/69111 



PCTAJSOO/12642 



Appendix H ■ '•' : 

Location Within A Geographically Limned Area 

There are a host of situations (Home, prisons, shoppmg malls, etc.) where an authority would 
5 -liketokhowthephysicallocation 

motherwith several children has to spend an inordu^e ^ 
^owswhereeachoheis. ^ Also, parents going to shopping malls with the^ds who a^ 
, tobeontheirownnndthemsdvesintheposition 
make contact: Variations on the Authentication System could be employed to so;ve these 

10 problems. ^ 9 

There are several ways to accomplish this. 

1. Beeper with Authentication System 
A,., ^Beeper with 

3, GPS Receiver connected to a local computer 



15 



1 Beeper With Authentication System: 

As an example, the system could work in the following way: A mother puts a beeper on the wnst 
of each child. Then at strategic locations around the house she has a PC monitor on and 
, 0 connected to a secure web page. The page displays a map of her home. On the map is the locate 
of the child. This could be.updated as often as desired by the parent. The basic technology ,s the 
same as that discussed in Appendix F. 

2 Beeper with detection infrastructure specific to the geographical location 

25 In this case, instead of using satellites or cellular phone technology to empirically measure the 
position of a child within a home, the system has its own detection infrastructure withm the home 
and surrounding area. This could be based on extremely low level microwave, radio or other 
emissions from a beeper. This system » connected directly to a home PC. The PC calculates the 



68 



SUBSTITUTE SHEET (RULE 26) 



:.^O00/6?l;lIi^ 



PGT/US0O/I2642 



10 



location of each child and displays in on a map. Also the PC could be programmed to alert the 
parent if one of the children is goine into restricted areas. - ^ , ■ . . (1 

3. GPS Receiver connected to a Jocal computer v ,. _ ^ % f> _ i: ^, - v 
In this situation, the beeper isn't just a. beacon. Instead it is connected to a.GPS device. 
Upon entering a Shopping Mall, a mother goes to an ai;ea that has Location Beepers for lease. 
She is given one for each child and an ID number. The device is programmed to, respond to a 
command from the central authoritv. For example, a mother wants to know where in a Shopping 
Mall her kids are. She goes to a computer (several of which are conveniently located around the 
Mall) and punches in her ED number. The computer sends out a wireless signal.to the GPS devices 
to determine their location and to send that information back to the computer. The computer then 
displays the information for the parent. ^ , . ^ „ , , w ^ , - * ^ ^ T 

Another variation on this would be for a p^ent whp. is r drqppin kjd^off at the Mall. When the 
15 parent returns he could be given a map of where th>e i .kid^u..b^n Ii> ... tJ , ^ 




69 



Sl^STmJTE SHEET (RULE- 26) 



PCT7USO0/12642 

WO 00/691 11 



CLAIMS , 

1 A method comprising, . ; ■ * ' 

in connection with authenucaung a client.of a network, acquiring information that 
characterize, the client in a manner.that enables a determination about authenticating the chent of 
th e network, the information being acquired other than in the form of a digital message that is 
passed on behalf of the client to the network, and 

making an authentication decision based on the information, 

2 The method of claim 1 in which the information is acquired by ; the network. 

The method of claim I in which the information comprises a measurable physical property 

10 of the client. ^' "* '■ ' 

4. The method of claim 3 in which the measurable physical property is sensed from a location 

that is remote from the client. . 

5. The method of claim 3 in which the measurable physical property comprises a phystcal 
property of a device that is part of the client. 

A5 6 ... Themethodof claim 3 in which the measurable physical property comprises a physical 
property of a person associated with the client. 

7. The method of claim 3 : in^hich the information comprises a geographic location of the 
client. ,. -.-..'-v.sr ■ 'vv; -n; ' v ' ■' ■ *' ■ ' " ' 

8 '"The method of claim 7 in which the geographic location is determined by measunng a time 
,0 of reception at multiple, r eceiying ; locationsof a beacon s,gnal that, originates at the client. 

9 The method of claim 8 in which the measurement is done at earth orbitrng-satelhtes. 

l0 - The method of claim 8 in. which the measurement is done at earth-bound receiving towers. 
H . . T^e method of c^^ 
telephone service provider. 
25 12., The method of claim 1 also including using global positioning system sources to send 

messages to the client. > 

13 . The method of claim 3 in which the client includes a mobile telephone device and the 
geographical location is determined by a mobile telephone service provider. 
,4. The method .of claim 3 in which the measurable physical property includes internal clock 
30 phasing of the client relative to a network master clock. 

70 



SUBSTITUTE SHEET (RULE 26) 



WO 00/69 f ft " PCt/USOO/12642 



15. The method of claim 1 in" Which the acquiring of the information is triggered by a request 
of the client for access to the network. ■=■■' " ^ " *'' / ' 

16. TThe method of claim' 1 alsoiricliidmg' '**' ^ 

controlling access'of the client to' the network based on the acquired' information. 
5 17. ' : Th£ rhethbd of claim 16 in ^hich ; controiling ; access comprises ekcfudirig the client from 
access if the client has not been authenticated;** J >: t% ' u ^ ' " 1 ' : 

18. The method'of claanf I in 1 WhieH the netwbrk comprises a^ closed network and the location 
of the client is controlled by an operator of the tietwork: - ^ ! - 1 ^ ; ^ : 

19. r ' Thie method' Of Ba^ 
10 being acquired. 

20/ ^ ^The i^ iVi ' ;s ^r>w; *>--r 

sending digitized credentials from the client to the'netwbrk: and n ■ £ ' 
r i ^-iv' also' Easing the authentication 1 : Ueciisi6n o'h'the f di^fized L breSOTti^s:^ * 

21. A method comprising --'^ r '" u :,ri: - r:rv ^ L ?i k> v 1 ^^* • 

15-"' : :w ' v -Encrypting ' infbrthatidh inTitomertHatii based' on ?r a physical prdperty of an intended 
recipient of the information, and ; " * 5 "'^' /: ; - - ■ ' i ■■ ifi -t v s 

v delivering the encrypted^ Vi *' ' r 

22. The method of claim 2 1 in which the physical property comprises a location of the 
recipient. 

20 A 23? Tfc ; hrathod of'Saim ; -- 
: 24. ' ,% the method- 1 of Qlaiih 2Pilso ihclu&rig' : • u : - VX: ' / - ; ^ 

V ...... > f .. f ., 

' * decrypting the information on behalf of the redpient bksed^n ■ ^he physical property. 
! 25 The" method of clium 24 in which tfie decrypting is done automatically by the physical 
property. " " " " w 5 ^ * 4 - ' 

25 ' : 26. The method of claim 21 in which the physical pfopferty comprises k sensitivity to light or 
sound of a user associated with the client. * T ; - v * - - 

27 :: The method of clairir21 in which the physical property of fhe ihtehded recipient includes 
properties of DNA associated with the v recipient. 0 i! " ,; - r -r;=;a: : 
28. The method of claim 21 in which tiie physical property of the intended recipient includes 

30 sensitivity of the recipient to light or sound. *' vJ f - ■ *-' u ' 

71 



^ SUBS l i i lTl E SHEET (RULE 26) 



WO 00/691 1 1 *" PCT/US00/1 2642 



29. A method comprising 

physically associating a source of a beacon with a person, 
measuring times of receipt of the beacon at multiple stations, and 
determining the location of the person based on the times of receipt. 
5 30. The method of claim 29 in which the 

times of receipt are measured periodically, and also including 
generating a map of the locations determined from the measurements. 

3 1 . The method of claim 29 also including 

triggering an alert if the location of the person is different from an expected location. 
10 32. ' r The method of claim 29 also including 

.performing an authentication process in connection with determining the location of the 

person. ; 

33. A method comprising 

establishing a set of stations that are configured to acquire information that characterizes 
15 each of multiple clients in a manner that enables a determination about authenticating each of the 

clients with respect to a corresponding network, the information being acquired other than in the 

form of digital messages that are passed on behalf of the clients to the corresponding networks, 

and ■ 

providing the information to operators of the networks to enable them to make 
20 - authentication decisions based on the information. 

347 A method of encrypting and decrypting a message comprising 

expressing the message as a message signal comprised of a sum based on eigenfunctions, 
decomposing the sum into partial sums such that each of the partial sums conveys no 

meaning relative to the message, partial sums from the sum separating the expressions of the 
25 signal into partial summations, 

forming electromagnetic signals based on the respective partial sums, 

sending the electromagnetic signals from respective sources at times selected to assure the 

simultaneous arrival of the signals at an intended location, such that the electromagnetic signals 

superpose themselves to form the message signal. 



30 



72 



SUBSTITUTE SHEET (RULE 26) 



PCTYUS00/12fc42 



1/18 



400 




5 



505 




T 
I 



*6 



100 

r- oct? 



200 




C3 

103 



SUBSTITUTE SHEET (RULE 26) 



WO 00/691 11 



PCTAJS00/12642 



2/18 



"Client 
' 104 


Communications 
. Link. 


Authentication Server 


1 2 3 XYZ 




. 12 3 XYZ : 


505 

Digital Credentials 
Being Sent To Gateway 

i 


1 2 3 X Z Z 


200 




Authentication Server 
Database 


1 2 3 XYZ 




FIG. 2 



SUBSTITUTE SHEET (RULE 26) 



WOOO/69211 



PCT/US00/I2642 



3/18 




Communications 
Link 



505 ' J 

Digital; Crfedetitikls t 

Beink ; Sent'^ /!:: e J 

To Gateway ? 



Authentication Server 

200 : 



i 23 xxzfr/; I 



Authentication Server Database 



123XYZ!j;;i 



K 






E 




,. s - 


Y 




' c\ 1 

A 


B 




N 


O 




N 


A 




E 


R 




R 


D 







FIGl 3 



SUBSTITUTE^ SHEET (RUIiE 26) 



WO 00/691 11 



4/18 



E2 602 



El 601 ° 



Spherical Radio Pulse 
Emitted By C A (700) 




Antenna Ta(io«) .. 



Ca 



Radio 
Transmitter 
Receiver 
105 



123XYZ 



CPUa 



Clock 



16 25 03 



X 



104 



K 
E 
Y 
B 
O 
A. 
R 
D 



Communications 
Link 



7 



505 



E3 603 

, Empirical Data Being 
Transmitted To The 
Authentication . 

Server^ 



Antenna TaS (206) 



Authentication Server 



Empirical 
Data 
Ui 



Radio 
Transmitter 
Receiver 



123XYZ 



CPUo 



200 



16 2S03 clock 



Authentication Server 
Database 



User Credentials for Ca 
123XYZ 



Position of Ca 



C 



Network 



100 ^ 



FIG. 4 



(Client 101 j (Client 102 ) 



SUBSTITUTE SHEET (RULE 26) 



WO 00/691 U PGt/USOO/12642 



5/18. 




E2 O ,v ^ 

■Hf E3 CD 

Ei intercepts spherical wave beacon pulse at tAi 



El 




E3 " 



3U_ 



E2 intercepts spherical wave 
se at tA2 



Ca 



V f,y. 



Ei 



E2 



E3 \ 



Ej intercepts spherical wave 
beacon pulse at t A3 



CA 




FIG. 5 



SUBSTITUTE SHEET (RULE 26) 




SUBSTITUTE SHEET (RULE 26) 



WO 00/691 ir* * 



PCT>TJ!S6()/i2642 




substitute Sheet (rijiLe 26) 



WO 00/691 11 



PCTAJS00/12642 



8/18 



E2 

El ^ O 




FIG. 8 



SUBSTITUTE SHEET (RULE 26) 



fc WO00/69in ^ ' PCT/US0p/12642 ,, a 



9/18 



Satellites 




Global Positioning System 

FIG. 8A 



. ; SimSTlTUTE SHEET j(RULE 26) 



WO.00A69111 



PCJT/US00/12642 



10/18 




FIG. 8B 



SUBSTITUTE SHEET (RULE 26) 




SUBSTITUTE SHEET (RULE-26) 



PCT/US00/12642 * 



12/18 



f(t,PA) 



n , nn 



t* 



FIG. 10 



rain n nn 

t* t 
FIG. 10A 



SUBSTITUTE SHEET (RULE 26) 



' * * 'ijfXP&yi r PCT/USOO/12642 

WO 00/69111 ifV: 



iV .1.3/18 



f'(t,PA) .^v 



f 2 (t,PA) 



f 3 (t,PA) 




f(t,PA) 



h/lA. A AA! 



i 



FIG. 1 1: 



' SUBSTITUTE SHEET (RIJIJE . 26) 



WO 00/69111 



i PCT/US00/12642 




SUBSTITUTE SHEET (RULE 26) 




SUBStmrTE SHEET (RULE -26) 



WO 00/69111 



BCT7US00/12&2 



16/18 




(505) 



FIG. 13 



SUBSTITUTE SHEET (RULE 26) 




FIG. 14 



SUBSTTTUTt "SHEET (RULE 26) 



WO 00/69111 



PCT/US00/12642 





.">..: f 


-3 18/18 




f l .(t,PA) 






— — — > 








t . 


J 

f 2 (t,PA) 


t 


nn 










t 




nnn 




. > 








t 


f (t, pa) 










• nnn 


n nn 


-5 ^ 




■ t* .■■ 


FIG. 15 


t 



SUBSTITUTE SHEET (RULE 26) 



12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT) 



(19) World Intellectual Property Organization j ^llPpa 

International Bureau ^ ^ ^fflfW 

(43) International Publication Date^ " (10) Intentional] Publication Number 

16 November 2000 (16.1 1.2000) PCT WO 00/69111 A3 



(51) International Patent Classification 7 : G01S 1/02, 5/02 

(21) International Application Number: PCT/US00/ 12642 

(22) International Filing Date: 9 May 2000 (09.05.2000) 

(25) Filing Language: English 

(26) Publication Language: English 

(30) Priority Data: ] ? « 

'60/133:492 * " ~ " lO May 1999 (10.05-1999) — US 
09/560.784 28 April 2000 (28.04.2000) US 

(63) Related by continuation (CON) or continuation-in-part 
(CIP) to earlier applications: 

US 60/133.492 (CON) 

- Filed on 10 May 1999(10.05.1999) 



US 

Filed on 



. h .09/560.784 (CON) 
28-April 2000 (28.04.2000) 



,(7J), Applicant and. ' 

(72) Inventor: Dl RIENZO, Andrew, L. [US/US]: 118 
Weaver Road. Elizaville, NY 12523 (US). 

(74) Agent: FEIGENBAUM, David, L.; Fish & Richardson 
PC 225 Franklin Street. Boston. MA 021 10-2804 (US). 

(81) Designated States (national)* AE. AG. AL. AM. AT, AU. 
AZ. BA. BB. BG. BR. BY^ CA. CH. CN, CR. CU, CZ. DE, 
DK, DM. DZ. EE. ES. Fl, GB. GD. GE. GH. GM. HR. HU, 
~ ID;iL,1N:IS. JP.KE. KG. KP, KR. KZ. LC. LK, LR. LS. 
LT LU. LV, MA. MD. MG. MK. MN. MW. MX, NO, NZ. 
PL, FT, RO. RU. SD. SE, SG, SI. SK. SL. TJ. TM, TR, TT. 
TZ, UA. UG. US. UZ. VN. YU. ZA. ZW. 

(84) Designated States (regional): ARIPO patent (GH. GM. 
KE, LS, MW. SD, SL, SZ! U^ZW^. Eurasian patent 

5* ~! T ~'\\ ' } ? [Continued on next page] 



(54) Title: AUTHENTICATION 

E2 602 

El 601 ° 

Spherical Radio Pulse 
Emitted By Ca (700) 



< 



SO 




Antenna Ta(106) 




£3 603 

Empirical Data Being 
Transmitted To The 

Authentication ( ""| X J "i X 
Server. 



123XYZ 



CPUa 



link 



505 



Clock 



| 16 25 03 



104 



K 
£ 
Y 
B 
O 



Authentication Server 



Empirical 
Data' 

tAl 



Radio 
Transmitter 
Recover 



CPUo 



123XYZ 



200 



16 25 03 



I Clock 



Authentication Server 
Database 



User Credentials for Ca 
123XYZ 



Position of Ca 



(57) Abstract: In connection with authenticating 
a client of a network, information is acquired that 
characterizes the client^in a. manner that enables 
a determination atiptif ^authenticating the client 
of the network, the information being acquired 
other than ih the form of a digital message that 
* ;is passed on behalf of the client to the network: 
Jan aut henti i cation decision is made based on the 
information. Information is encrypted in a manner 
:that is based on a physical property of an intended 
.recipient of the information, and delivering the 
■encrypted information to the recipient. A source 
of a beacon is physically associated with a person, 
times of receipt of the beacon at multiple stations 
are measured, and the location of the person is 
determined based on the times of receipt. A set of 
stations is established that are configured to acquire 
information that characterizes each of multiple 
clients in a manner that enables a determination 
about authenticating each of the clients with respect 
to a corresponding network, the information 
being acquired other than in the form of digital 
messages that are passed on behalf of the clients 
to the corresponding networks. The information 
is provided to operators of the networks to enable 
them to make authentication decisions based on the 
information. 



WO 00/69111 A3 



(AM. AZ. BY. KG. KZ. Ml). RU.TJ.TM-K European patent - 
( AT BE. CH. CY. DE. DK. ES. Fl. FR. GB.GR. IE. IT. LU. 
MC, NL. PT, SE». OA PI patent (BF. BJ. CF. CG. CI. CM. 
GA. GN. GW, ML. MR. NE. SN, TIX TG). 

Published:- J\r 

— with international search report 



(881 Date of publication of the international search report: 

. 21 February 2002 

tor two-letter codes and other abbreviations, refer to the "Guid- 
ance Notes on Codes and Abbreviations'' appearing at the hegin- 
i ting of each regular issue of the PC 7 Gaz ette. 



.INTERNATIONAL SEARCH REPORT 



International Application No.. 

PCT/US 00/12642 



A. CLASSIFICATION OF SUBJECT MATTER . , j , - n , 

IPC 7 G01S1/02 G01S5/02 roV>^ : ; 

According to International Patent Classification (IPC) or to both national classification and IPC 



B. FIELDS SEARCHED 



Minimum documentation searched (classification system followed by classification symbols) 

IPC 7 H04L G06F G01S H04Q 



Documentation searched other than minimum documentation to the extent that such documents are included in the fields searched 



Electronic data base consulted during the international search (name of data base and. where practical, search terms used) 



C. DOCUME 

Category ° 


Citation of document, with indication, where appropriate, of the relevant passages 


Relevant to claim No. 


X 


US 4 860 352 A (LAURANCE JOEL E ET AL) 

22 August 1989 (1989-08-22) 

abstract 

column 3, line 63 -column 10, line 37 


1-25, 
29-33 


A 


US 5 754 657 A (JANKY JAMES M ET AL) 

19 May 1998 (1998-05-19) 

column 2, line 14 - line 63 

column 6, line 12 -column 9, line 4 


1 


A 


US 5 757 916 A (ANDERSON STEVEN M ET AL) 

26 May 1998 (1998-05-26) 

abstract 

column 1, line 29 -column 2, line 61 


12 


A 


US 5 327 144 A (STILP LOUIS A ET AL) 

5 July 1994 (1994-07-05) 

column 3, line 40* -column 7, line 50 

-/~ 


10,11,13 



HI 



Further documents are listed in the continuation of box C. 



0 



Patent family members are listed in annex. 



° Special categories of cited documents : 

"A" document defining the general state of the art which is not 

considered to be of particular relevance 
"E" earlier document but published on or after the international 

filing date 

"L" document which may throw doubts on priority claim(s)or 
which is cited to establish the publication date of another 
citation or other special reason (as specified) 

"O* document referring to an oral disclosure, use, exhibition or 
other means 

"P" document published prior to the international filing date but 
later than the priority date claimed 



T later document published after the international filing date 
or priority date and not in conflict with the application but 
cited to understand the principle or theory underlying the 
invention 

"X" document of particular relevance; the claimed invention 
cannot be considered novel or cannot be considered to 
involve an inventive step when the document is taken alone 

"Y" document of particular relevance; the claimed invention 

cannot be considered to involve an inventive step when the 
document is combined with one or more other such docu- 
ments, such combination being obvious to a person skilled 
in the art. 

"&" document member of the same patent family 



Date of the actual completion of the international search 

19 February 2001 



Date of mailing of the international search report 

Jig irt 



Name and mailing address of the ISA 

European Patent Office. P.B. 5818 Patentlaan 2 
NL - 2280 HV Rijswijk 
Tel. (+31-70) 340-2040. Tx. 31 651 epo nl. 
Fax: (+31-70)340-3016 



Authorized officer 



Carnerero Alvaro, F 



cr— DTTflcartin i^c^r^d sheet) (July 1992) 



INTERNATIONAL SEARCH REPORT 





'prriKM2\0 imntinuaiion ol second sheet) (July 1992) 



INTERNATIONAL SEARCH REP.ORX 



International application No. 

PCT/US 00/12642 



Box I Observations where certain claims we're ifbuh'd'uh'search'able (Continuation' of item 1 o1 first sheet) 



This International Search Report has not been established in respepfpf. certain .cairns under Article 17(2^a);f6r the ^ 



reasons: 1 



Claims Nos.: ' L L ^. A . . . 

because they relate to subject matter not required to be searched by this Authority, namely: 



□ Claims Nos.; , .... * , T *^ 

because they relate to parts of the International Application that do not comply with the prescribed requirements to such 
an extent that no meaningful International Search can be carried out, specifically: 



3 * i 1 because they are 5 dependent claims and are not drafted in accordance with the second and third sentences of Rule 6.4(a). ; 



Box II Observations where unity of invention is lacking (Continuation of item 2 of first sheet) 



This International Searching Authority found multiple inventions in this international application, as follows: 



1 I [ As a || required additional search fees were timely paid by the applicant, this International Search Report covers all ; 
' ' searchable claims. I 

2 I | as all searchable claims could be searched without effort justifying an additional fee, this Authority did not invite payment 

of any additional. fee. v 



3 I I As only some of the required additional search fees were timely paid by the applicant, this International Search Report 
I 1 CO vers only those claims for which fees were paid, specifically claims Nos.: 



4 n7\ No required additional search fees were timely paid by the applicant. Consequently, 
restricted to the invention first mentioned in the claims; it is covered by claims Nos.: 



this International Search Report is 



1-25, 29-33 



Remark on Protest 



| | The additional search fees were accompanied by the applicant's protest. 
| | No protest accompanied the payment of additional search fees. 



r^-r,.oA (continuation of first sheet (1» (July 1998) 



V 

f 



International Application No. PCT/US 00/12642 



FURTHER INFORMATION CONTINUED FROM PGT/ISA/ 210 



1. Claims: 1-25,29-33 - - 

\\. * Location-based authentication and encryption. 

2. Claims: 26-28 - 

Obscuring of text by means of an individual's biological 
prof i 1 e 



; 3. Claim : 34 V 

'Interference-based secure transmission of information. 



INTERNATIONAL SEARCH REPORT 

Information on patent family members 



international Application No 

PCT/US 00/12642 



Patent document 
cited in. search report 



Publication 
date 



Patent family 
member(s) 



Publication 
date 



US 4860352 


■A- 


22-08- 


1989 - 


E p... 


-0203853 


A - 


... 03-12-1986 




- 














-:- -r.T - - - . 


US -5754657 " 


A - 


19*05- 


-1998' 


- NONE 






- - 


US 5757916 


A 


26-05- 


1998 


AU 


7392196 


A " 


28-04-1997 








; GA 


2233962, A ■ . 


... ;10-04-1997 








EP 


0880839 


A 


02-12-1998 










JP 


11512860 


T 


02-11-1999 










WO 


9713341 


A 


10-04-1997 


US 5327144 


A 


05-07- 


1994 


AT 


165169 


t 


15-05-1998 










...AU , 


677292 


B 


17-04-1997 










AU 


6094094 


A : •' 


,12-12-1994 










AU 


6820694 


A 


12-12-1994 










BR 


9406463 


A 


30-01-1996 










CA 


2161333 




.24-11-1994 










DE 


69409645 


D 


" 20-05-1998 










- DE,.,: 


69409645, 


•T. 


06-08-1998 










EP 


0700525 


A 


13-03-1996 










HK 


1010461 


A 


17-06-1999 










JP 


2843951 


B 


06-01-1999 










JP 


8508381 


T 


03-09-1996 










KR 


153589 


B 


15-12-1998 










RU 


2107925 


C 


27-03-1998 










SG 


48730 


A 


18-05-1998 










W0 


9427160 


A 


24-11-1994 










WO 


9427161 


A 


24-11-1994 










US 


5608410 


A 


04-03-1997 










ZA 


9401019 


A 


25-08-1994 


WO 9857189 


A 


17-12- 


1998 


US 


6091957 


A 


18-07-2000 








AU 


7818298 


A 


30-12-1998 



Form PCT/1SA/210 (patent tamily annex) (July 1992) 




This Page Blank (uspto) 




